Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Join AD Domain

  • 1.  ClearPass Join AD Domain

    Posted Aug 01, 2013 12:21 PM

    When ClearPass joins the AD domain, we need to put in the FQDN of the AD server. Please advise: if there is another backup AD server, do we need to join the backup AD server by putting in the FQDN of the backup AD server as well? Thanks for the advice.



  • 2.  RE: ClearPass Join AD Domain

    EMPLOYEE
    Posted Aug 01, 2013 12:43 PM
    You should be able to put in the full domain name instead of the DC and it
    should use DNS SRV records.



    Sent from my BlackBerry Z10


  • 3.  RE: ClearPass Join AD Domain

    Posted Aug 01, 2013 11:12 PM

    When performing the actual join process to the domain, you can use any AD server. It is a one-time setup process. However, when you create your Authentication Source to use Active Directory, you can then use primary and backup (or multiple backup) servers to reflect your desire to use multiple domain controllers.

    OR, you can just specify your domain name and allow AD DNS to source the best DC for you.

    You can add backup servers, and separate tabs will be made for the Authentication Source to use multiple servers.

     

    cp-ad-source-backups.jpg



  • 4.  RE: ClearPass Join AD Domain

    Posted Aug 02, 2013 01:10 PM

    Thanks for the steps. Yes, we have added the backup AD in the authentication source. As for joining the domain, we tried to use the domain name and allow AD DNS to resolve it, but it keeps failing, so we use the FQDN of the AD server to join the domain. Pardon me, for I have little understanding of Windows structure, but as far as I know, when joining a PC to a domain we use only the domain name and not the full AD server FQDN. Since in CPPM we use the FQDN of the AD server and it's a one-time process, am I correct that when the primary AD server which CPPM joined is down, it will have no impact on the authentication process? Thanks



  • 5.  RE: ClearPass Join AD Domain

    Posted Aug 02, 2013 10:05 PM

    That is correct. It is used just to join the domain initially and that's all. Authentications rely on the primary and backup servers that you define separately within the AD authentication source.



  • 6.  RE: ClearPass Join AD Domain

    Posted Apr 13, 2014 09:58 AM

    If you create an AD authentication source and use the domain name (not a server FQDN) as the primary server, what happens when no backup server is listed and the DC that ClearPass selected is not available? Is it smart enough to find another server based on the SRV records it received? If not, I would assume you need to put in a server's FQDN as backup server. For example:

     

    Authentication Source

    Primary Server: acme.com

    Backup Server: dc.acme.com