04-11-2019 06:55 AM
11-18-2019 07:45 AM
Hi guys,
thanks for your recommendations. My problem was I wasn’t able to join the NAC GW to the AD. The LDAP authentication was working perfectly to authenticate users to XMC’s GUI, but we need to authenticate users for 802.1x as well and it requires NAC GW to be joined to AD.
I made some troubleshooting based on yours recommendations but it didn’t help. Finally I opened a ticket and the problem was, we had the binding user identity filled out as a CN, not as a DOMAIN\sAMAccountName.
Gabriel
10-27-2019 06:42 PM
Hello,
The domain join has many pieces that need to be in place in order for it to be functional. I can’t say I know all in detail but I can give you a run down of my functional knowledge of the process.
Here is an example of a successful bind to a DC:
Generally what we do is perform a NACCTL restart and see what error is thrown during the attempt to join, from there you can get an idea of what may be going wrong, take a trace and try to fix.
Thanks
-Ryan
10-25-2019 04:13 PM
Hi Gabriel,
The authentication issue or even domain join issue?
What do you see in EAC engine logs? (could be looked at https://<NAC IP>:8444 if not directly under Linux CLI)
AFAIR once I had this and it turned out to be an LDAP search root issue (semicolon instead of comma in e.g. ‘DC=something, DC=else, DC=com’), XMC-based LDAP test was successful but in EAC engine logs I could see that it parsed the string in a way that it was looking for a glitchy domain name.
As a last resort, call GTAC.
Hope that helps,
Tomasz
10-24-2019 11:23 AM
Hi guys,
did you solved the problem? We’ve a same one. We set the privileges according to the GTAC knowledge recommendation, but it’s not working. I tried to put the bindig account the the Domain Administrators group, but it didn’t help. I’ve tried to set it in two different environments, but I have the same results at both. So I think, I’m doing something in a wrong way, or there is some other dependency, which is not described in the GTAC manual. When you have a solution publish it, please.
Thanks
Gabriel