how to join NAC in a domain

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Hi,

how can i join the NAC in a domain?

Thanks!
Photo of Marlon

Marlon

  • 1,570 Points 1k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Bharathiraja, Suresh

Bharathiraja, Suresh, Employee

  • 3,536 Points 3k badge 2x thumb
Hi Marlon,

Please check this article.

https://gtacknowledge.extremenetworks.com/articles/Q_A/How-do-I-know-if-the-NAC-has-joined-the-domai...

let us know if this answers your question.

Thanks,
Suresh.B
Photo of Marlon

Marlon

  • 1,570 Points 1k badge 2x thumb
Hi Suresh,

thanks!

I can't find [NACInfoLogger] Joined Active Directory Domain logs in my NAC.

how can I join the NAC to active directory? is there any procedure?


thanks!
Photo of Yacobucci, Ryan

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

  • 5,416 Points 5k badge 2x thumb
Hello,
The procedure to join to a NAC domain is done automatically with the onboard SAMBA package that is deployed. In order to trigger this join attempt you must have an Advanced AAA configuration with at least one line set to "LDAP Authentication" and pointed to an LDAP configuration that is set to "NTLM Authentication"

The NAC determines who the domain controller is to attempt to join by doing a DNS lookup of the domain configured. 

The NAC uses the "user" and "Password" fields from the LDAP configuration to attempt to join the active directory. 

The NAC will attempt to re-join the active directory if a nacctl restart is issued, or if a configuration change is made that removes, and then reapplies the LDAP authentication or NTLM authentication configuration pieces.

Thanks
-Ryan
Photo of Bharathiraja, Suresh

Bharathiraja, Suresh, Employee

  • 3,536 Points 3k badge 2x thumb
Hi Marlon,
Please let us know if you have any further questions.


Thanks,
Suresh.B
Photo of Marlon

Marlon

  • 1,570 Points 1k badge 2x thumb
Hi Ryan/Suresh,

thanks for the explanation.

unfortunately my NAC cannot joined the Domain.

i tried the kb below

https://gtacknowledge.extremenetworks.com/articles/Solution/802-1x-authentication-doesn-t-work-for-W...

result in our NAC



same result. do we need a certificate to join the NAC to domain?

thanks
Photo of Yacobucci, Ryan

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

  • 5,470 Points 5k badge 2x thumb
Hello, 

Please check out the following article. Typically these are permissions type issues that need to be looked at.

https://gtacknowledge.extremenetworks.com/articles/Q_A/Why-Are-Reset-Password-Permissions-Needed-for...

Thanks
-Ryan