Contributor I
Posts: 44
Registered: ‎03-10-2014

Backup AD server can't work on TACACS Authentication

Dear all experts,

I'm implementing ClearPass with my customer. I'm implementing 3 features: dot1X, VPN and TACACS with my ClearPass. They work fine. However, my customer has some AD servers in his office and he wants ClearPass to do the backup authentication source feature. So I configured it under "Configuration > Authentication > Source > ..." and created an authentication source profile. After that I added backup1 and backup2 to this profile and set it on the dot1X service, VPN service and TACACS service. Then I did the testing and found that when I disconnect AD1 from the network, dot1X and VPN can still authenticate but TACACS can't. However, one thing that I found is that dot1X and VPN authenticate with the AD1 source, not AD2, even though AD1 is down. So I think they use the local cache of ClearPass for authentication. However, TACACS can't authenticate. So I did "Clear cache" on this authentication source profile and tried to test again. I found that dot1X and VPN can correctly authenticate with AD2 but TACACS still can't authenticate. So I must connect AD1 back again; then all 3 services can authenticate with AD1 immediately with no need to clear any cache. So could you please help me fix TACACS so that the backup AD authentication source works?

 

Thank you,

Guru Elite
Posts: 20,978
Registered: ‎03-29-2007

Re: Backup AD server can't work on TACACS Authentication

Please open a TAC case.  There could be something specific in your configuration that is preventing failover from happening, or it could be a bug.

 



Colin Joseph
Aruba Customer Engineering


Contributor I
Posts: 44
Registered: ‎03-10-2014

Re: Backup AD server can't work on TACACS Authentication

It works now after I extended the "tacacs timeout .." parameter on the Cisco devices. So it works fine now.




