New Contributor

mschap error 691 on zentyal AD

Hi, I'm observing strange behaviour on clearpass 6.7:

I have AD on zentyal and CPPM has joined the domain, ldap search is working fine, ad auth from cppm cli works fine.

[appadmin@cppm1]# ad auth -u jk -n labs
NT_STATUS_OK: Success (0x0)

But when I try to authenticate from windows 10 or android device i'm rejected with such message:

Radius:Microsoft:MS-CHAP-ErrorOE=691 R=1

Re: mschap error 691 on zentyal AD

I'm not familiar with zentyal AD. I found this reference to the same error, which suggests that it has to do with NTLMv1 being disabled (on different products though). Please be advised that you should avoid PEAP-MSCHAPv2 whenever possible, only exceptions are when you have 100% control over your client to lock down the configuration, or if you don't mind that the user's password leaks out.

If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: