Header Only - DO NOT REMOVE - Extreme Networks

how to join NAC in a domain


Userlevel 2
Hi,

how can i join the NAC in a domain?

Thanks!

6 replies

Userlevel 4
Hi Marlon,

Please check this article.

https://gtacknowledge.extremenetworks.com/articles/Q_A/How-do-I-know-if-the-NAC-has-joined-the-domai...

let us know if this answers your question.

Thanks,
Suresh.B
Userlevel 2
Hi Suresh,

thanks!

I can't find [NACInfoLogger] Joined Active Directory Domain logs in my NAC.

how can I join the NAC to active directory? is there any procedure?

thanks!
Userlevel 6
Marlon wrote:

Hi Suresh,

thanks!

I can't find [NACInfoLogger] Joined Active Directory Domain logs in my NAC.

how can I join the NAC to active directory? is there any procedure?

thanks!

Hello,
The procedure to join to a NAC domain is done automatically with the onboard SAMBA package that is deployed. In order to trigger this join attempt you must have an Advanced AAA configuration with at least one line set to "LDAP Authentication" and pointed to an LDAP configuration that is set to "NTLM Authentication"

The NAC determines who the domain controller is to attempt to join by doing a DNS lookup of the domain configured.

The NAC uses the "user" and "Password" fields from the LDAP configuration to attempt to join the active directory.

The NAC will attempt to re-join the active directory if a nacctl restart is issued, or if a configuration change is made that removes, and then reapplies the LDAP authentication or NTLM authentication configuration pieces.

Thanks
-Ryan
Userlevel 4
Hi Marlon,
Please let us know if you have any further questions.

Thanks,
Suresh.B
Userlevel 2
Hi Ryan/Suresh,

thanks for the explanation.

unfortunately my NAC cannot joined the Domain.

i tried the kb below

https://gtacknowledge.extremenetworks.com/articles/Solution/802-1x-authentication-doesn-t-work-for-W...

result in our NAC



same result. do we need a certificate to join the NAC to domain?

thanks
Userlevel 6
Hello,

Please check out the following article. Typically these are permissions type issues that need to be looked at.

https://gtacknowledge.extremenetworks.com/articles/Q_A/Why-Are-Reset-Password-Permissions-Needed-for...

Thanks
-Ryan

Reply