Security

Reply
Occasional Contributor II
Posts: 21
Registered: ‎03-16-2015

Active Directory Authentication for wireless users

A customer wants mobile users at a university to authenticate to join in the network by making the clearpass authenticate from the active directory using dot1x.

the mobile phones aren't joined the domain or anything, just the username and password that they will use to login are stored in the active directory, is this possible?

how different will it be if we are authenticating machines that are joined in the domain?

I am getting a bit confused.

thanks in advance

Guru Elite
Posts: 19,990
Registered: ‎03-29-2007

Re: Active Directory Authentication for wireless users

The short answer is yes for mobile devices.  They connect rather easily.

 

For the domain devices you will probably want to use group policy to push the wireless profiles to domain computers.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Guru Elite
Posts: 7,852
Registered: ‎09-08-2010

Re: Active Directory Authentication for wireless users

This is the most common deployment of 802.1X. I'm not really sure what you're asking. 


Thanks, 
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 21
Registered: ‎03-16-2015

Re: Active Directory Authentication for wireless users

If a PC is not joined in a domain but has the credentials stored on the active directory, and another PC is joined the domain,

what is the difference in authenticating both, what changes in configuration will i have to do?

Guru Elite
Posts: 7,852
Registered: ‎09-08-2010

Re: Active Directory Authentication for wireless users

For user authentication, nothing is different. Machine authentication requires client side configuration via group policy. Are you working with an Aruba partner? 


Thanks, 
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 21
Registered: ‎03-16-2015

Re: Active Directory Authentication for wireless users

You mean just to enable the wired autoconfig service and enable dot1x authentication on the network connection, right?

Guru Elite
Posts: 7,852
Registered: ‎09-08-2010

Re: Active Directory Authentication for wireless users

No you don't need to enable anything. The wireless supplicant is enabled by default. If you are trying to do machine authentication, you should push down a group policy with the supplicant configuration. 


Thanks, 
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: