Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass and Active Directory

This thread has been viewed 6 times

  • 1.  ClearPass and Active Directory

    Posted Jul 06, 2018 12:01 PM

    Hi guys,

     

    In ClearPass we can add AD as Authentication Source (Configuration > Authentication > Sources) and joining the AD domain (Administration > Server Manager > Server Configuration > Join AD Domain).

    What is the difference between both? Can we join the AD domain without adding the AD as Authentication Source? What is the use of each part?

     

    Regards,

    Julián



  • 2.  RE: ClearPass and Active Directory
    Best Answer

    EMPLOYEE
    Posted Jul 06, 2018 12:08 PM
    Domain join is required for legacy EAP methods like PEAP to validate the password. The auth source is used to derive the SID, for authorization functions and for non-EAP authentication.


  • 3.  RE: ClearPass and Active Directory

    Posted Jul 06, 2018 12:14 PM

    Hi,

     

    Yes, for EAP-TLS ClearPass doesn't need to join the AD domain. Then when dealing with PEAP, can we join the AD domain without adding the AD as auth source?

     

    Regards,

    Julián



  • 4.  RE: ClearPass and Active Directory

    EMPLOYEE
    Posted Jul 06, 2018 12:16 PM
    RE: EAP-TLs, correct
    RE: PEAP, you need both


  • 5.  RE: ClearPass and Active Directory

    Posted Jul 06, 2018 12:18 PM

    Ok, many thanks!

     

    Regards,

    Julián