Security

Reply
Frequent Contributor II
Posts: 143
Registered: ‎07-27-2012

CPPM 6.4 RE-attempt AD login setting

Hi:

The release notes for CPPM 6.4 talk about this:

 

A new Service parameter, Re-attempt AD login with different Username formats, lets you
control re-tries with different user name formats to the Active Directory in MS CHAP v2
authentication. (#23701)

 

I couldn't find this. Does anyone know where this option lives in the GUI?

 

Thanks,

Tony

 

 

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: CPPM 6.4 RE-attempt AD login setting

[ Edited ]

Server configuration > Service Parameters > Radius server

 

It's enabled by default.

 

re-attempt-ad.png


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 143
Registered: ‎07-27-2012

Re: CPPM 6.4 RE-attempt AD login setting

Thanks for the reply.

 

The help file has not been updated with a full description of this option.

 

But it sure seems like a darned good idea to set this to FALSE to help avoid account lockouts.

 

Thoughts?

 

Occasional Contributor II
Posts: 11
Registered: ‎06-15-2015

Re: CPPM 6.4 RE-attempt AD login setting

Does anyone know what the different formats are that CPPM will try?

Occasional Contributor II
Posts: 11
Registered: ‎06-15-2015

Re: CPPM 6.4 RE-attempt AD login setting

Nevermind!

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-does-ClearPass-perform-MSCHAPV2-authentication-across-AD/ta-p/240056

 

#1 The username as provided

#2 The samAccountName as returned from the auth source

#3 The full username@domain

Search Airheads
Showing results for 
Search instead for 
Did you mean: