Security

Reply
New Contributor

mschap error 691 on zentyal AD

Hi, I'm observing strange behaviour on clearpass 6.7:

I have AD on zentyal and CPPM has joined the domain, ldap search is working fine, ad auth from cppm cli works fine.

[appadmin@cppm1]# ad auth -u jk -n labs
Password:
NT_STATUS_OK: Success (0x0)

But when I try to authenticate from windows 10 or android device i'm rejected with such message:

Radius:Microsoft:MS-CHAP-ErrorOE=691 R=1

Re: mschap error 691 on zentyal AD

I'm not familiar with zentyal AD. I found this reference to the same error, which suggests that it has to do with NTLMv1 being disabled (on different products though). Please be advised that you should avoid PEAP-MSCHAPv2 whenever possible, only exceptions are when you have 100% control over your client to lock down the configuration, or if you don't mind that the user's password leaks out.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: