Security

Reply
Occasional Contributor II
Posts: 36
Registered: ‎04-14-2015

ClearPass authentication source

Dear Community,

 

Is it any difference between the following two methods using ClearPass?Which one is recommended?

  1. Create an authentication source (e.g. Active Directory) with a Backup server, and use this authentication source when we create a service.
  2. Create two authentication sources with no backup servers, and use them in a service as authentication sources.

Thank you for your answer in advance.

Best regards,

 

Guru Elite
Posts: 20,794
Registered: ‎03-29-2007

Re: ClearPass authentication source

The backup server parameter only provides a backup ldap server to look the user up to see if that user exists. If you are using 802.1x the actual server utilized is determined by which one AD directs the authentication request to. What are you trying to accomplish?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 36
Registered: ‎04-14-2015

Re: ClearPass authentication source

Dear Cjoseph,

 

We are not trying to accomplish anything special, just want to know which one is best. 

We just wondering if it is any difference between the two solutions.

If we have two replicated ADs, than it is the best way to create an authentication source with a backup instead of create two authentication source. Am I right?

 

 

Guru Elite
Posts: 8,325
Registered: ‎09-08-2010

Re: ClearPass authentication source

Create a single AD source with the domain name as the server name. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 20,794
Registered: ‎03-29-2007

Re: ClearPass authentication source

If you are doing 892.1x with clearpass, there are two parts:

1. Ldap lookup to find the user
2. 802.1x authentication with AD.

For #1 you need to create your own redundancy for the ldap lookup of the user. You should enter a backup IP address specifically for that or just put the fqdn of the domain for clearpass to choose a server randomly.
For #2 the request is just sent off to any available domain controller so in a way there is built in redundancy.

I hope this makes sense.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 36
Registered: ‎04-14-2015

Re: ClearPass authentication source

Ok, thank you!

Search Airheads
Showing results for 
Search instead for 
Did you mean: