Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

clearpass join ad error "ticket expired"

  • 1.  clearpass join ad error "ticket expired"

    Posted Sep 16, 2016 07:10 AM

    Hi,

     

    Trying to join a ClearPass server to an AD.

     

    All seems to go well, but in the end I get an error with message:

    INFO - Using Administrator as the AD01's username
    Enter Administrator's password:
    kinit succeeded but ads_sasl_spnego_krb5_bind failed: Unspecified GSS
    failure. Minor code may provide more information : Ticket expired
    Failed to join domain: failed to connect to AD: Unspecified GSS
    failure. Minor code may provide more information : Ticket expired
    INFO - Restoring smb configuration
    INFO - Restoring krb5 configuration file
    INFO - Deleting domain directories for 'CP'
    ERROR - CPPM failed to join the domain CP.INT with domain controller
    as ad01.cp.int
    Join domain failed

     

    I see the computer name back in AD, and in Event Viewer I see the Kerberos authentication go well.

    Tried it several times to join, even installed ClearPass again.  But can't find any related message on the website.

    Time is OK on both servers, not exceeding the 5 minutes. FQDN of domain controller is OK.

    Does anyone have an idea?

     

    Thanks in advance

     

    kind regards Andre



  • 2.  RE: clearpass join ad error "ticket expired"



  • 3.  RE: clearpass join ad error "ticket expired"

    Posted Sep 16, 2016 08:47 AM

    Hi Victor,

     

    Thanks for your reply.

     

    I read the URL you posted. However, the error message I have is not in there. This URL is talking about time difference, FQDN, privilege level and constraint.

    All of these are correct.

    The message I get is talking about a ticket expired. Seems to be related to Kerberos. But on the AD I see that the machine is registering itself, administrator user is granted.

     

    The specific message I receive is:

    Enter Administrator's password:
    kinit succeeded but ads_sasl_spnego_krb5_bind failed: Unspecified GSS
    failure. Minor code may provide more information : Ticket expired

     

    So if someone has a suggestion, it would be welcome.

     

    Thanks again.

     

     



  • 4.  RE: clearpass join ad error "ticket expired"
    Best Answer

    Posted Sep 16, 2016 10:00 AM

    Did you set up an NTP server in ClearPass?

    Are your ClearPass server and domain configured with the same timezone?



  • 5.  RE: clearpass join ad error "ticket expired"

    Posted Sep 18, 2016 02:03 PM

    Hi Victor,

     

    It was indeed the timezone difference on both servers. Time was exactly the same. So that was a bit confusing.

     

    Thanks for your help.

     

    Kind regards André
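
Kerberos compares timestamps in UTC, so two servers that display the same wall-clock time but are set to different timezones are actually hours apart. The following is an added example, not part of the thread and not ClearPass or AD code; the host readings and function names are constructed for illustration. It converts each host's displayed time and UTC offset to UTC and checks the result against the 5-minute tolerance mentioned in the first post:

```python
from datetime import datetime, timedelta, timezone

# Tolerance referred to in the thread ("not exceeding the 5 minutes").
MAX_SKEW = timedelta(minutes=5)


def to_utc(wall_clock, utc_offset):
    """Convert a displayed wall-clock time plus its zone offset (e.g. '+0200') to UTC."""
    aware = datetime.strptime(f"{wall_clock} {utc_offset}", "%Y-%m-%d %H:%M:%S %z")
    return aware.astimezone(timezone.utc)


def kerberos_skew(host_a, host_b):
    """Return (absolute skew in UTC, within_tolerance) for two (wall_clock, utc_offset) readings."""
    skew = abs(to_utc(*host_a) - to_utc(*host_b))
    return skew, skew <= MAX_SKEW


# Constructed readings: (displayed time, UTC offset configured on the host).
# Case 1: both clocks display 10:00:00, but the zones differ (the situation in this thread).
SAME_WALL_CLOCK_DIFFERENT_ZONE = (
    ("2016-09-16 10:00:00", "+0000"),  # hypothetical ClearPass reading
    ("2016-09-16 10:00:00", "+0200"),  # hypothetical domain controller reading
)
# Case 2: displayed times differ by two hours, but both hosts agree on the instant.
DIFFERENT_WALL_CLOCK_SAME_INSTANT = (
    ("2016-09-16 08:00:30", "+0000"),
    ("2016-09-16 10:00:00", "+0200"),
)

if __name__ == "__main__":
    cases = {
        "same wall clock, different zone": SAME_WALL_CLOCK_DIFFERENT_ZONE,
        "different wall clock, same instant": DIFFERENT_WALL_CLOCK_SAME_INSTANT,
    }
    for label, (cppm, dc) in cases.items():
        skew, ok = kerberos_skew(cppm, dc)
        verdict = "within tolerance" if ok else "exceeds tolerance"
        print(f"{label}: UTC skew {skew} ({verdict})")
```

Comparing the displayed time alone hides this; compare the UTC time (or the time together with the configured zone) on both hosts.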