Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM Cluster Integration to AD

This thread has been viewed 0 times

  • 1.  CPPM Cluster Integration to AD

    Posted Sep 06, 2017 06:25 AM
    Hi Experts,
    I have a cluster design CPPM and I want to integrate it to AD. Do I need to integrate it also from the subscriber's perspective or only in the publisher?
    Thanks


  • 2.  RE: CPPM Cluster Integration to AD

    EMPLOYEE
    Posted Sep 06, 2017 06:56 AM
    If you're using PEAPv0/EAP-MSCHAPv2 and each node is authenticating clients, then they all need it be joined to the domain.


  • 3.  RE: CPPM Cluster Integration to AD

    Posted Sep 06, 2017 07:49 AM
    Hi cappalli,
    Thanks again for your help.
    I am using EAP-TLS for authentication.


  • 4.  RE: CPPM Cluster Integration to AD

    EMPLOYEE
    Posted Sep 06, 2017 07:51 AM
    Then you do not need to join your servers to the domain.


  • 5.  RE: CPPM Cluster Integration to AD

    Posted Sep 06, 2017 08:48 AM
    Hi cappalli,
    But actually what we will do is to get the CN in the certificate the and check it against the AD. So meaning we still need to integrate it to the AD.


  • 6.  RE: CPPM Cluster Integration to AD

    EMPLOYEE
    Posted Sep 06, 2017 08:49 AM
    You do not need to join the ClearPass servers to the domain. You only need to set up an AD authentication source that will be used for authorization.


  • 7.  RE: CPPM Cluster Integration to AD

    Posted Sep 06, 2017 08:53 AM

    hi cappalli,

    yes you are correct but before we can set the AD as authentication source we need to integrate the CPPM cluster to the AD right? Do I need to integrate also the subscribers?



  • 8.  RE: CPPM Cluster Integration to AD

    EMPLOYEE
    Posted Sep 06, 2017 08:54 AM
    All authentication source configuration is done on the publisher.


  • 9.  RE: CPPM Cluster Integration to AD

    Posted Sep 06, 2017 09:09 AM

    yes, meaning the AD integration will in the publisher only and not also in the subscribers?



  • 10.  RE: CPPM Cluster Integration to AD

    EMPLOYEE
    Posted Sep 06, 2017 09:12 AM
    No. Just like most of the other configuration that is done on the publisher, it will work on all nodes.