05-16-2017 07:06 PM
Anyone got any ideas if Clearpass V.6.6.2 is supporting SMB V2 or SMB V3?
We tested disabling SMB V1 at the AD server and our Clearpass cannot join the AD server.
05-16-2017 07:15 PM
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
05-17-2017 06:44 AM - last edited on 06-02-2017 07:08 AM by cappalli
SMBv1 is only required when MSCHAP-based authentication protocols are being used (username/password with PEAPv0/EAP-MSCHAPv2 as an example) and is only used between ClearPass and the domain controller(s). SMBv1 is not required on client devices for network authentication and should be disabled per Microsoft's recommendation.
Most workflows and authentication methods used in ClearPass do not require domain join (and thus do not require SMB).
Some examples include:
- Modern certificate-based authentication via EAP-TLS
- Captive portal workflows
- Security Assertion Markup Language (SAML)
- Cloud identity stores like Microsoft Azure Active Directory, Google G Suite, Ping and Okta Universal Directory
Any questions can be directed to firstname.lastname@example.org