Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass Guest with AD integration with Cisco WLC

This thread has been viewed 5 times

  • 1.  ClearPass Guest with AD integration with Cisco WLC

    Posted Sep 04, 2018 07:49 AM
      |   view attached

    Hi All,

     

    I am having issues authenticating AD users via guest portal. The setup is:

    - Cisco WLC based guest network

    - ClearPass based guest portal

     

    Self registration/guest authentication is working perfectly fine. On the Log in page, I have a hyperlink that says "Staff Login" and it takes the user to a web log in page created to authenticate staff members (Active Directory).

     

    Have tried on multiple AD accounts and user AD authentication through web login page is failing. I've tested same credentials through CPPM CLI and it worked fine.

    I have attached logs file and access tracket screenshot. Apprecaite your help here.

     

    CPPM version is: 6.7.4.107401 

    WLC is: 8.2.166.0

    Access Tracker.pngAlerts.png

     

    Attachment(s)

    txt
    Logs.txt   55 KB 1 version


  • 2.  RE: ClearPass Guest with AD integration with Cisco WLC

    EMPLOYEE
    Posted Sep 04, 2018 08:13 AM
    Use PAP


  • 3.  RE: ClearPass Guest with AD integration with Cisco WLC

    Posted Sep 04, 2018 08:43 AM
    Hi Tim,
    They have security concerns with PAP and insisted to use CHAP.


  • 4.  RE: ClearPass Guest with AD integration with Cisco WLC

    Posted Sep 04, 2018 08:44 PM

    Anythig else you can recommend?



  • 5.  RE: ClearPass Guest with AD integration with Cisco WLC

    EMPLOYEE
    Posted Sep 05, 2018 09:37 AM

    Use MSCHAP/v2 (if you can) insted of CHAP. MSCHAP will work against AD.