Frequent Contributor II

Read Only Domain Controller causing user authentication problems


We're running MSCHAP authentication for users to an AD domain.

A few weeks ago we put a read only domain controller online at another site (online 24/7 via VPN tunnel).

All was fine until today when ClearPass decided to start using the RODC to authenticate users. All user authentication failed.

When I typed 'show domain' from the console, it listed the RODC as the 'Domain Server Ip Address'.

Once I shut down the tunnel to the RODC, ClearPass went back to using local servers.

How do I force ClearPass to use local servers for user auth?

Configuration » Authentication » Sources lists only the local servers for primary and backups.

Administration » Server Manager » Server Configuration lists only the local servers under the AD Domains section.

What else do I need to do to force local server auth?




Guru Elite

Re: Read Only Domain Controller causing user authentication problems



I don't know if there is a problem with read-only domain controllers or not.  To restrict the domain controllers to only the ones you want to contact, you can do this:


Go to Administration > Server Manager > Server Configuration > Click on Server > and click on a little tiny icon called "Password Servers" at the bottom.  You can then add the IP addresses that you want MSCHAPv2 restricted to for authentication.



*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*