Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clear Pass Join LDAP

  • 1.  Clear Pass Join LDAP

    Posted Nov 14, 2022 12:37 PM
    Hi Everyone

    I am trying to join ClearPass against LDAP

    I get this error



  • 2.  RE: Clear Pass Join LDAP

    Posted Nov 14, 2022 12:42 PM
    If you are not going to use the administrator account, then I think you may need to specify the domain in the username.  domain\user for example, if you haven't already.


  • 3.  RE: Clear Pass Join LDAP

    EMPLOYEE
    Posted Nov 14, 2022 01:57 PM
    The DNS server IP that the ClearPass server is configured with should be a domain controller that can resolve server names for persencetral.es.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 4.  RE: Clear Pass Join LDAP

    Posted Nov 15, 2022 12:52 AM
    Sent from my iPhone




  • 5.  RE: Clear Pass Join LDAP

    Posted Nov 15, 2022 02:15 AM
    Hi

    In addition to the previously mentioned prerequisites, when joining an Active Directory domain the user account utilized for the joining must have correct permissions in the domain.
    The user account must have the domain permission to create computer accounts, and in addition to this, the account must have permission to edit the created computer account.
    Often users have just the right to join the domain and not to edit the computer object. Hence the ClearPass domain join will fail.

    Either the user utilized in the domain join must be granted permission to edit the created computer object, or a domain administrator must perform the join operation.

    One way to achieve the correct permissions in an environment with strict security is to ask a domain administrator to add the computer object first, and grant the user account utilized for the domain join operation permission to edit the computer account.

    ------------------------------
    Best Regards
    Jonas Hammarbäck
    ACCX #1335, ACMP, ACDP, ACNSP, ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------
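
The pre-staging approach described in the post above, as an added PowerShell example that is not part of the original thread or any HPE Aruba procedure: a domain administrator creates the computer object first, then grants the non-admin join account rights on that one object. The computer name, OU and account name are hypothetical placeholders, and granting full control on the single object is an assumption about what "permission to edit" should cover.

```powershell
# Run as a domain administrator on a host with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Hypothetical placeholders: replace with your own values.
$ComputerName = 'CPPM01'                  # name ClearPass will join as (assumption)
$TargetOU     = 'OU=NAC,DC=example,DC=com'
$JoinAccount  = 'EXAMPLE\svc-cppm-join'   # NetBIOS-domain\user entered in ClearPass

$dn = "CN=$ComputerName,$TargetOU"

# 1. Pre-stage the computer object so the join account needs no
#    "create computer objects" right anywhere in the domain.
if (-not (Get-ADComputer -Filter "Name -eq '$ComputerName'")) {
    New-ADComputer -Name $ComputerName -Path $TargetOU -Enabled $true
}

# 2. Grant the join account full control (GA) on this one object only,
#    instead of adding it to a domain-wide administrative group.
dsacls $dn /G "${JoinAccount}:GA" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "dsacls failed for $dn" }

# 3. Verify the access control entry is present before attempting the join.
$aces = (Get-Acl -Path "AD:\$dn").Access | Where-Object {
    $_.IdentityReference.Value -eq $JoinAccount -and
    $_.AccessControlType -eq 'Allow'
}
if (-not $aces) { throw "No Allow ACE for $JoinAccount on $dn" }
$aces | Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
```

Once the join has succeeded, the same `Get-Acl` query can be reused in an audit to confirm the join account holds rights only on the objects it was delegated.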



  • 6.  RE: Clear Pass Join LDAP

    Posted Nov 15, 2022 05:56 AM
    Hi 

    Thanks for your reply.

    That's correct, the user created didn't have AD administrator permissions. When the AD administrators added this user to the admin group, ClearPass made the join.