Thanks a lot for your reply / this information.
> Which protocols have you tried at this point?
I tried CHAP and PEAP-MSCHAPv2.
> If you have NTLM authentication set can you also confirm you have successfully joined the AD and that winbindd is running with correct trust secret?
I did check it now, and there is an error:
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret
Will try to figure this out and fix it.
For the moment, thanks for this hint!
I set it up using an XCC controller with MS-CHAPv2 authentication:
Make sure your Control AAA configuration has a line to handle either "Management" auth type or "*":
Then make sure there is a rule that provides the correct authorization string for management access:
When you set the AAA line up for "LDAP Authentication", NAC should attempt to join the domain controller on enforce; it will also attempt to join on services restart:
You can check /var/log/tag.log to see if there was a domain join failure or success:
If domain join fails, check permissions:
You can check the status of the management login if you go to Alarms/Events --> Type Access Control/NAC.
Let me know if any of this helps.