Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM 6.4 RE-attempt AD login setting

  • 1.  CPPM 6.4 RE-attempt AD login setting

    Posted Aug 19, 2014 05:19 PM

    Hi:

    The release notes for CPPM 6.4 talk about this:

    A new Service parameter, Re-attempt AD login with different Username formats, lets you
    control re-tries with different user name formats to the Active Directory in MS CHAP v2
    authentication. (#23701)

    I couldn't find this. Does anyone know where this option lives in the GUI?

    Thanks,

    Tony



  • 2.  RE: CPPM 6.4 RE-attempt AD login setting

    EMPLOYEE
    Posted Aug 19, 2014 05:23 PM

    Server configuration > Service Parameters > Radius server

    It's enabled by default.

     




  • 3.  RE: CPPM 6.4 RE-attempt AD login setting

    Posted Aug 19, 2014 05:55 PM

    Thanks for the reply.

    The help file has not been updated with a full description of this option.

    But it sure seems like a darned good idea to set this to FALSE to help avoid account lockouts.

    Thoughts?

     



  • 4.  RE: CPPM 6.4 RE-attempt AD login setting

    Posted Aug 12, 2015 12:48 PM

    Does anyone know what the different formats are that CPPM will try?



  • 5.  RE: CPPM 6.4 RE-attempt AD login setting

    Posted Aug 12, 2015 12:52 PM

    Never mind!

    http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-does-ClearPass-perform-MSCHAPV2-authentication-across-AD/ta-p/240056

    #1 The username as provided
    #2 The samAccountName as returned from the auth source
    #3 The full username@domain