Security

Reply
Occasional Contributor II
Posts: 14
Registered: ‎02-20-2013

Clearpass V6.6.2 SMB version supported

Hi,

 

Anyone got any ideas if Clearpass V.6.6.2 is supporting SMB V2 or SMB V3?

 

We tested disabling SMB V1 at the AD server and our Clearpass cannot join the AD server.

 

Thanks.

 

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: Clearpass V6.6.2 SMB version supported

When using MSCHAP-based authentication methods, SMBv1 to domain controllers is required.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Aruba Employee
Posts: 508
Registered: ‎02-19-2015

Re: Clearpass V6.6.2 SMB version supported

[ Edited ]

SMBv1 is only required when MSCHAP-based authentication protocols are being used (username/password with PEAPv0/EAP-MSCHAPv2 as an example) and is only used between ClearPass and the domain controller(s). SMBv1 is not required on client devices for network authentication and should be disabled per Microsoft's recommendation.

 

Most workflows and authentication methods used in ClearPass do not require domain join (and thus do not require SMB).

 

Some examples include:

  • Modern certificate-based authentication via EAP-TLS
  • Captive portal workflows
  • Security Assertion Markup Language (SAML)
  • OAuth2
  • Cloud identity stores like Microsoft Azure Active Directory, Google G Suite, Ping and Okta Universal Directory

 

Any questions can be directed to aruba-sirt@hpe.com

 

 

ajc
New Contributor
Posts: 3
Registered: ‎06-02-2017

Re: Clearpass V6.6.2 SMB version supported

Oh dear I hope they sort that soon. 

Search Airheads
Showing results for 
Search instead for 
Did you mean: