Frequent Contributor II

Read Only Domain Controller causing user authentication problems


We're running MSCHAP authentication for users to an AD domain.

A few weeks ago we put a read only domain controller online at another site (online 24/7 via VPN tunnel).

All was fine until today when ClearPass decided to start using the RODC to authenticate users. All user authentication failed.

When I typed 'show domain' from the console, it listed the RODC as the 'Domain Server Ip Address'.

Once I shut down the tunnel to the RODC, ClearPass went back to using local servers.

How do I force ClearPass to use local servers for user auth?

Configuration » Authentication » Sources lists only the local servers for primary and backups.

Administration » Server Manager » Server Configuration lists only the local servers under the AD Domains section.

What else do I need to do to force local server auth?




Guru Elite

Re: Read Only Domain Controller causing user authentication problems



I don't know if there is a problem with read-only domain controllers or not.  To restrict the domain controllers to only the ones you want to contact, you can do this:


Go to Administration > Server Manager > Server Configuration > Click on Server > and click on a little tiny icon called "Password Servers" at the bottom. You can then add the IP addresses that you want MSCHAPv2 restricted to for authentication.



*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*