How to add External Authentication source to CPPM

Introduction : An external authentication source is used to authenticate users through Captive Portal or 802.1X, as well as in TACACS+ services that authenticate users on network devices, including ClearPass and AirWave.

Note: If EAP-PEAP with MSCHAPv2 will be used, CPPM also needs to be joined to the domain.
Please refer to https://na2.salesforce.com/knowledge/publishing/articlePreview.apexp?id=kA340000000GqcP for details.

 

Environment : This article was written on CPPM 6.x

 

Configuration Steps : How to find the Bind DN for a user in Active Directory.

1: Run dsquery user on the Windows server. This returns the bind DN of each user.
C:\Users\Administrator>dsquery user
"CN=Administrator,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Guest,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=krbtgt,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Iuser,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Nuser,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Auser,CN=Users,DC=clearpass,DC=aruba,DC=com"

We can use any of these as the bind DN, depending on the privileges we need.
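
The following Python example is added here and is not part of the original article or of any Aruba tool. It parses dsquery output like the listing above, keeps commas that are escaped inside a CN intact, and derives the domain-level Base DN and DNS domain that belong to a bind DN. The third sample DN and all function names are constructed for illustration.

```python
# Added example: not from the original article. Function names are hypothetical.
# Constructed sample in the article's dsquery format; the last entry is an
# invented user whose CN contains an escaped comma ("Last, First" style).
SAMPLE_DSQUERY = r'''
"CN=Administrator,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Auser,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Smith\, John,OU=Staff,DC=clearpass,DC=aruba,DC=com"
'''

def parse_dsquery(output):
    """Return the DNs printed by dsquery: one per non-empty line, quotes removed."""
    return [ln.strip().strip('"') for ln in output.splitlines() if ln.strip()]

def split_dn(dn):
    """Split a DN into (ATTRIBUTE, value) pairs without breaking on escaped commas."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if escaped:                # character after a backslash is literal
            current, escaped = current + ch, False
        elif ch == "\\":
            current, escaped = current + ch, True
        elif ch == ",":            # unescaped comma separates two RDNs
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    pairs = []
    for part in parts:
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def base_dn(dn):
    """Domain-level Base DN: the DC components of the DN, in order."""
    dcs = [value for attr, value in split_dn(dn) if attr == "DC"]
    if not dcs:
        raise ValueError("no DC components in DN: " + dn)
    return ",".join("DC=" + value for value in dcs)

def dns_domain(dn):
    """DNS name of the domain (the default suffix after '@' in user@domain names)."""
    return ".".join(v for a, v in split_dn(dn) if a == "DC").lower()

if __name__ == "__main__":
    for dn in parse_dsquery(SAMPLE_DSQUERY):
        print(split_dn(dn)[0][1], "|", base_dn(dn), "|", dns_domain(dn))
```

The part before '@' in the user@domain form is the account's logon name, which is not necessarily the same as its CN.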


Configuration on CPPM.


Navigate to Configuration – Authentication – Sources and click "Add Authentication Source".


Fill in the details below and hit "Next".


Fill in the details below:

Hostname : Provide the IP address or the hostname of the AD server.
Connection Security : Choose the required option from the drop-down.
Port : 389 by default.
Verify Server Certificate : This option does not need to be enabled if the default port 389 is selected.
Bind DN : The bind DN can be fetched from Active Directory by running the command below on the Windows server CLI.
C:\Users\Administrator>dsquery user
Alternatively, the bind DN can be entered simply as administrator@your_company.com

After entering the above details, click "Search Base DN".

This opens a new window.


Select the correct Base DN and hit "Save". After saving, hit "Next".

We can add/remove attributes based on our requirements. This can be used later to authenticate a specific group of users with a common attribute to a given role.

Click Next.



Hit "Save" and exit.

We have successfully added Active Directory as an authentication source.

Version history
Revision #: 1 of 1
Last update: 07-18-2014 05:41 AM