New Contributor
Posts: 2
Registered: ‎04-13-2013

ClearPass Join AD Domain

When ClearPass joins the AD domain, we need to put in the FQDN of the AD server. Please advise: if there is another backup AD server, do we need to join to the backup AD server by putting in the FQDN of the backup AD server as well? Thanks for the advice.

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: ClearPass Join AD Domain

You should be able to put in the full domain name instead of the DC and it
should use DNS SRV records.



Sent from my BlackBerry Z10

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: ClearPass Join AD Domain


When performing the actual join process to the domain, you can use any AD server. It is a one-time setup process. However, when you create your Authentication Source to use Active Directory, you can then use primary and backup (or multiple backup) servers to reflect your desire to use multiple domain controllers.

OR, you can just specify your domain name and allow AD DNS to source the best DC for you.

You can add backup servers, and separate tabs will be made for the Authentication Source to use multiple servers.

cp-ad-source-backups.jpg

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

New Contributor
Posts: 2
Registered: ‎04-13-2013

Re: ClearPass Join AD Domain

Thanks for the steps. Yes, we have added the backup AD in the authentication source. As for the domain join, we tried to use the domain name and allow AD DNS to resolve it, but it kept failing, so we used the FQDN of the AD server to join the domain. Pardon me, as I have little understanding of Windows structure, but as far as I know, when joining a PC to a domain we use only the domain name and not the full AD server FQDN. Since in CPPM we use the FQDN of the AD server and it's a one-time process, am I correct that when the primary AD server that CPPM joined through is down, it will have no impact on the authentication process? Thanks

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: ClearPass Join AD Domain

That is correct. It is used just to join the domain initially and that's all. Authentications rely on the primary and backup servers that you define separately within the AD authentication source.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: ClearPass Join AD Domain

If you create an AD authentication source and use the domain name (not a server FQDN) as the primary server, what happens when no backup server is listed and the DC that ClearPass selected is not available? Is it smart enough to find another server based on the SRV records it received? If not, I would assume you need to put in a server's FQDN as backup server. For example:

Authentication Source

Primary Server: acme.com

Backup Server: dc.acme.com

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
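
The SRV-based DC lookup discussed in this thread, as an added example that is not from any poster or from Aruba: it parses `dig +short SRV` output for the AD domain-controller SRV name, orders the answers, and picks the next candidate when a DC is down. The hostnames and sample output are constructed, ordering by weight descending is a deterministic simplification of RFC 2782's weighted random pick, and this shows generic SRV client behaviour, not ClearPass's internal logic.

```python
from typing import List, NamedTuple, Optional, Set


class SrvRecord(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


def dc_srv_name(domain: str) -> str:
    """SRV owner name under which AD registers its domain controllers."""
    return f"_ldap._tcp.dc._msdcs.{domain.strip('.').lower()}"


def parse_dig_short(output: str) -> List[SrvRecord]:
    """Parse lines of the form 'priority weight port target.'; skip anything else."""
    records = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) != 4 or not all(p.isdigit() for p in parts[:3]):
            continue  # blank lines, comments, CNAME answers
        prio, weight, port = map(int, parts[:3])
        records.append(SrvRecord(prio, weight, port, parts[3].rstrip(".").lower()))
    return records


def candidate_order(records: List[SrvRecord]) -> List[SrvRecord]:
    """Lowest priority value first; within a priority, highest weight first."""
    return sorted(records, key=lambda r: (r.priority, -r.weight, r.target))


def pick_dc(records: List[SrvRecord], unreachable: Set[str]) -> Optional[SrvRecord]:
    """First candidate not known to be down; None if SRV gave nothing usable."""
    for rec in candidate_order(records):
        if rec.target not in unreachable:
            return rec
    return None


# Constructed sample of: dig +short SRV _ldap._tcp.dc._msdcs.acme.com
SAMPLE_DIG_OUTPUT = """\
0 100 389 dc2.acme.com.
0 200 389 dc1.acme.com.
10 100 389 dc-dr.acme.com.
;; constructed sample, not real output
"""

if __name__ == "__main__":
    recs = parse_dig_short(SAMPLE_DIG_OUTPUT)
    print("query:", dc_srv_name("acme.com"))
    print("order:", [r.target for r in candidate_order(recs)])
    print("dc1 down ->", pick_dc(recs, {"dc1.acme.com"}))
    print("empty SRV answer ->", pick_dc([], set()))
```

An empty answer for this SRV name, from the DNS server the appliance is configured to use, is worth ruling out when a join by domain name fails but a join by DC FQDN works.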