Wireless Access

Hi friends!

 

I have a CPPM but not added to the domain (I got AD defined in to do a bind)

 

I get this error with my wired dot1x anyone come across this?

 

What privileges does your bind account have in AD?

You should really join CPPM to the domain.

yep you are right I know, well I got this "political problem" there are you using wired dot1x where you are?

oops - not sure what privilidges the account has need to check with wintel guys

CPPM has to be joined to the domain to read the MSCHAPv2 credentials....wired or wireless authentications.

Thanks all very much appreciated!

So am I right in thinking this is a kerberos thing?

It is just the way AD stores the user passwords .  Because of this, joining the domain is necessary in order to interpret/read it.  

 

If you're having "political" issues joining the domain, tell your administrators that they can join it to the domain for you.  The account and credentials used to join it to the domain are only used during the join.  Subsequent logon authentications are done with the bind account.  This account can have minimal rights in AD; typicaly configured as a "normal user".  

Thanks for the advice and understanding, it never ceases to amaze me how sometime people resist change but there you go!