Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass and AD Synchronization (Cache Timeout)

  • 1.  ClearPass and AD Synchronization (Cache Timeout)

    Posted May 24, 2018 01:56 AM

    Is there any disadvantage or negative effect if I lessen the Cache Timeout to 180 sec (3 mins)?

     

    ClearPass does not sync with AD in real-time every time I change something on AD.

     

    Thank you for the help.



  • 2.  RE: ClearPass and AD Synchronization (Cache Timeout)

    EMPLOYEE
    Posted May 24, 2018 01:59 AM
    ClearPass does not sync any data. It simply caches authorization data from previous authentications. I would not recommend going below 5 minutes in a busy environment.


  • 3.  RE: ClearPass and AD Synchronization (Cache Timeout)

    Posted May 24, 2018 02:06 AM

    Hi. Thank you for the information. How then could I update ClearPass in real time every time there are changes in AD? Thank you.



  • 4.  RE: ClearPass and AD Synchronization (Cache Timeout)
    Best Answer

    EMPLOYEE
    Posted May 24, 2018 02:08 AM
    Are that many changes really occurring in AD? That's not very common.


  • 5.  RE: ClearPass and AD Synchronization (Cache Timeout)

    Posted May 24, 2018 02:27 AM

    They have an AD policy that users should change their password every month.



  • 6.  RE: ClearPass and AD Synchronization (Cache Timeout)

    EMPLOYEE
    Posted May 24, 2018 02:29 AM
    Passwords have nothing to do with authorization cache. Passwords are directly validated every time.


  • 7.  RE: ClearPass and AD Synchronization (Cache Timeout)

    Posted May 24, 2018 02:35 AM

    When a user changes the password, it will disconnect from the WLAN. It will only connect after hours.



  • 8.  RE: ClearPass and AD Synchronization (Cache Timeout)

    EMPLOYEE
    Posted May 24, 2018 02:37 AM
    You should work with Aruba TAC and/or your partner. There could be many reasons.


  • 9.  RE: ClearPass and AD Synchronization (Cache Timeout)

    Posted Sep 20, 2018 10:18 AM

    If authorization does not happen in real time, any changes I make in AD may create a security threat. For example, if I move a user from one group to another, how can it work effectively?