Wireless Access

Contributor II

Clearpass and AD Account Lockout

One particular user is keep getting locked out from AD only when he is on wireless.



2 7210 Controllers



Symptom: The user logon into his laptop and connect to the network via wireless. On CPPM Asset Tracker, i can see him connected first as Machine Auth and afterward, User Auth. About 5 minutes later, I am seeing the laptop sending an Authenication request and being rejected by Clearpass due to BadPassword. His  laptop is doing this every minutes to the point where it lock out his AD account. I have updating the NIC driver and even put the user on 5 different laptops. It does the same thing from all of the 5 laptops. All the bad password attempt are coming from the Mac Address of the laptop that he is currently using at the time. 


When we disabel his wireless NIC, we stop seeing attempt request (disable NIC for 4 hrs). As soon as we enable wireless again, we see the user get authenicate and connected to wireless successufully intially, but then 5-7 minutes later, he is getting rejected within Clearpass for bad password attempted every minutes and it won't stop until we disable his wireless NIC.


Chan K.



Guru Elite

Re: Clearpass and AD Account Lockout

Do you have a screenshot of the "Alert" tab in Access Tracker when the user is rejected?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Contributor II

Re: Clearpass and AD Account Lockout

Attached is the "Alert" tab from the reject session. I know error code 216 is indicating bad password, but it's not.


Chan K.

Trusted Contributor I

Re: Clearpass and AD Account Lockout

did you try removing his AD account and adding it again? does he perhaps have a weird character in the password?