Cannot authenticate NAC via Active Directory

ECOMMERCE_hbudu
New Contributor II
2017-02-11 14:16:04,522 ERROR [SambaInstallationManager] Failed to join domain: "ERUTIP.LOCAL" for user: "administrator" with error code: 1 kinit succeeded but ads_sasl_spnego_krb5_bind failed: Unspecified GSS failure. Minor code may provide more information : Clock skew too great
ADS join did not work, falling back to RPC...
Unable to find a suitable server for domain ERUTIP
Unable to find a suitable server for domain ERUTIP
Failed to join domain: failed to connect to AD: Unspecified GSS failure. Minor code may provide more information : Clock skew too great

2017-02-11 14:16:04,523 ERROR [SambaInstallationManager] Looked up IP "ERUTIP.LOCAL" => ERUTIP.LOCAL/10.120.120.121 and was able to ping it.
2017-02-11 14:16:04,527 ERROR [SambaInstallationManager] The user: "erutip\administrator" and password were verified via LDAP and we verified the user is a domain admin.

4 REPLIES

NoufalQA
New Contributor

I have the same issue

Steve_Ballantyn
Contributor
Oh boy. I have also had this problem in the past. You are not getting the full story in these error messages. The "time error" is probably a red herring [insert punchline].

I'll bet that there are better clues in the Windows Event Logs of your AD servers. How many AD servers do you have? If it's only a couple, I would check the Security Event logs on all of your controllers and see what they are reporting from the Windows side of things.

ECOMMERCE_hbudu
New Contributor II
Hi Steve,

I checked it. NAC, Purview, Netsight, Wireless Controller and Microsoft Active Directory have the same time and timezone.

Steve_Ballantyn
Contributor
Hello hbudus,

The devil is in the details! Here is what is wrong: "Clock skew too great". The time and date need to match what is on your AD controllers. It is probably an incorrect time zone somewhere.

Are you using NTP to keep your clocks in sync? Ideally you want everything on your network using the same time source.
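
An added example, not part of the original thread or of any vendor tooling: a small SNTP client that measures the clock offset between the local host and a time server and compares it to the Kerberos skew tolerance behind the "Clock skew too great" error. It assumes the domain controller answers SNTP on UDP 123 and that the tolerance is still the default 300 seconds; all function names and the sample reply are constructed for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
KRB5_MAX_SKEW = 300           # assumed: default Kerberos clock-skew tolerance, in seconds

def _to_unix(sec, frac):
    """Convert a 32.32 fixed-point NTP timestamp to Unix seconds (UTC)."""
    return sec - NTP_EPOCH_DELTA + frac / 2**32

def parse_offset(reply, t1, t4):
    """Server-minus-local offset in seconds; t1/t4 are local send/receive times (Unix, UTC)."""
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    if reply[0] & 0x07 != 4 or reply[1] == 0:   # must be mode 4 (server) with a real stratum
        raise ValueError("not a usable server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2, t3 = _to_unix(rx_s, rx_f), _to_unix(tx_s, tx_f)
    return ((t2 - t1) + (t3 - t4)) / 2          # standard NTP offset formula

def query_offset(server, timeout=3.0):
    """Send one SNTP client request to `server` and return the measured offset."""
    request = b"\x1b" + 47 * b"\0"              # LI=0, VN=3, mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
        t4 = time.time()
    return parse_offset(reply, t1, t4)

def kerberos_skew_ok(offset, limit=KRB5_MAX_SKEW):
    """True when the offset is inside the Kerberos tolerance."""
    return abs(offset) <= limit

def constructed_reply(server_unix_time):
    """Constructed sample: a 48-byte server reply (VN=3, mode=4, stratum 2) for offline testing."""
    secs = int(server_unix_time) + NTP_EPOCH_DELTA
    return bytes([0x1C, 2, 0, 0]) + 28 * b"\0" + struct.pack("!4I", secs, 0, secs, 0)

if __name__ == "__main__":
    local = 1486822564.0                        # constructed local clock reading
    for drift in (2, 3600):                     # server 2 s ahead, then one hour ahead
        off = parse_offset(constructed_reply(local + drift), local, local)
        print(f"offset {off:+.1f}s -> {'ok' if kerberos_skew_ok(off) else 'Kerberos will reject'}")
```

Because the comparison is done on UTC epoch values, a host can display the same wall-clock time as the controller and still be an hour off here; running `query_offset()` against each domain controller from the joining host shows the figure Kerberos actually sees.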