MSM Series
Showing results for 
Search instead for 
Do you mean 

MSM760 Controller - Active Directory authentication

Occasional Contributor

MSM760 Controller - Active Directory authentication



I need help configuring my MSM760 for Active Directory authentication, I've succesfully joined a domain and activated the default Active directory groups on my controller. 


I configured the VSC to use 802.1X authentication and checked in the box for Active Directory authentication.


When I try to connect to the network I get the error message "Network authentication failed because of a problem with the user account".


This is my first time working with this type of solution, any kind of tip that would point my in the right direction would be highly appreciated!


Super Advisor

Re: MSM760 Controller - Active Directory authentication

Try the below link from HP, has full details about Active Directory configuration, it is an old one but still valid:


Occasional Contributor

Re: MSM760 Controller - Active Directory authentication

Hi, thanks for the answer!


However I'm still having problems, maybe I should have mentioned in the OP that I'm running against a Samba 4 Domain aswell.


On the supplicant I ran: netsh ras set tracing * enabled. Everything seems to be fine until the end of the log when I recieve the following error:


[13660] 07-09 12:25:38:425: Success received...
[13660] 07-09 12:25:38:426: Done :)
[13660] 07-09 12:25:38:426: GetClientMPPEKeys
[7996] 07-09 12:25:38:506: EapMSChapv2MakeMessage
[7996] 07-09 12:25:38:506: EapMSChapv2CMakeMessage (\administrator)
[7996] 07-09 12:25:38:506: EMV2_CHAPAuthSuccess
[7996] 07-09 12:25:38:506: EapMSChapv2CMakeMessage: rcvd invalid pk, code: 4, expecting 3
[7996] 07-09 12:25:38:542: EapMSChapv2End
[7996] 07-09 12:25:38:542: ChapEnd


I've googled my heart out on this problem but have yet to find anything usefull, maybe Samba is just not supported by the controller?


Thanks again for the help!




Frequent Advisor

Re: MSM760 Controller - Active Directory authentication

Samba... it's a good guess.


the controller do ldap query to specific attribute (MsNPAllowDialin) in ad, that i don't think are implemented by samba.


i wolu try to find a you can che have a radius implementation that interface with the samba AD, like IAS do with Microsoft AD.