How to add External Authentication source to CPPM

by on ‎07-18-2014 05:41 AM

Introduction : An external authentication source is used to authenticate users through Captive Portal or 802.1X (dot1x), as well as in TACACS+ services that authenticate users on network devices, including ClearPass and AirWave.

Note: If EAP-PEAP with MSCHAPv2 is to be used, CPPM must also be joined to the domain.
Please refer to https://na2.salesforce.com/knowledge/publishing/articlePreview.apexp?id=kA340000000GqcP for details about this.

 

Environment : This article is written on CPPM 6.x

 

Configuration Steps : How to find the Bind DN for a user in Active Directory.

1: Run the command below on the Windows server CLI. This will return the bind DN for each user.
C:\Users\Administrator>dsquery user
"CN=Administrator,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Guest,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=krbtgt,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Iuser,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Nuser,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Auser,CN=Users,DC=clearpass,DC=aruba,DC=com"

We can use any of these bind DNs, depending on the privileges we need.


Configuration on CPPM.


Navigate to Configuration – Authentication – Sources and click "Add Authentication Source".



Fill in the details below and hit "Next".



Fill in the details below:


Hostname : Provide the IP address or the hostname of the AD server.
Connection Security : Choose the required option from the drop-down.
Port : 389 by default.
Verify Server Certificate : This option does not need to be enabled if the default port 389 is selected.
Bind DN : The Bind DN can be fetched from Active Directory by running the command below on the Windows server CLI.
C:\Users\Administrator>dsquery user
OR the Bind DN can be entered simply as administrator@your_company.com

After entering the above details, click on "Search Base Dn".

It will open up a new window as below.




Select the correct Base DN and hit "Save". After saving, hit "Next".

We can add/remove attributes based on our requirements. This can be used later to authenticate a specific group of users with a common attribute to a given role.

Click Next.




Hit "Save" and exit.

We have successfully added Active Directory as an authentication source.
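
Added example (not part of the original article and not ClearPass code): a Python helper that reads saved "dsquery user" output and derives, for each account, the Bind DN, the domain-level Base DN to expect in the "Search Base Dn" window, and the DNS domain used in the user@domain form. The sample input is constructed and the function names are hypothetical; it assumes the account's UPN suffix is the domain's DNS name.

```python
import re

# Constructed sample: the article's output format plus one account whose
# name contains an escaped comma, as AD produces for "Last, First" names.
SAMPLE = r'''C:\Users\Administrator>dsquery user
"CN=Administrator,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Guest,CN=Users,DC=clearpass,DC=aruba,DC=com"
"CN=Smith\, John,OU=Staff,DC=clearpass,DC=aruba,DC=com"
'''

def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc or ch != ",":
            cur += ch
            esc = (ch == "\\") and not esc
        else:
            parts.append(cur.strip())
            cur = ""
    parts.append(cur.strip())
    return [p for p in parts if p]

def parse_dsquery(text):
    """Return the DNs in dsquery output: one double-quoted DN per line."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln[1:-1] for ln in lines
            if len(ln) > 2 and ln[0] == '"' and ln[-1] == '"']

def base_dn(dn):
    """Domain-level Base DN: the trailing run of DC= components."""
    rdns = split_dn(dn)
    i = len(rdns)
    while i > 0 and rdns[i - 1].upper().startswith("DC="):
        i -= 1
    return ",".join(rdns[i:])

def dns_domain(dn):
    """DNS name of the domain, for the user@domain form of the Bind DN."""
    return ".".join(r.split("=", 1)[1] for r in split_dn(base_dn(dn)))

def find_bind_dn(text, cn):
    """Full DN of the account whose first RDN is CN=<cn> (case-insensitive)."""
    for dn in parse_dsquery(text):
        attr, _, value = split_dn(dn)[0].partition("=")
        plain = re.sub(r"\\(.)", r"\1", value)  # undo single-character escapes
        if attr.upper() == "CN" and plain.lower() == cn.lower():
            return dn
    return None

if __name__ == "__main__":
    for dn in parse_dsquery(SAMPLE):
        print(f"Bind DN: {dn}\n  Base DN: {base_dn(dn)}\n  Domain: {dns_domain(dn)}")
```

Pasting the returned DN exactly as dsquery printed it, escapes included, avoids bind failures caused by a name that contains a comma.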
