Security

Reply
Occasional Contributor II
Posts: 48
Registered: ‎05-23-2014

Configuring authentication with AD DS (CPPM / Instant IAP 105)

Greetings All,

 

I am looking to configure one of my SSIDs to use AD as an authentication platform. This will be to provide internal guest access to the internet only (won't allow access to internal resources).

 

I have configure an SSID to permit access using the internal database (for guests), but was hoping to allow the new SSID to use domain credentials to allow access for internal users.

 

Does anyone have a configuration document to show how this can be achieved? Is there anything that I need to check / do to AD DS to allow authentication (apart from provide an "admin" account with read permissions)?

 

Can anyone let me know the maximum number of user accounts within CPPM (Version 6.3.5)

 

TIA for any assistance / pitfalls that you may be able to help me with

 

Gordie

Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: Configuring authentication with AD DS (CPPM / Instant IAP 105)

Are you trying to use a captive portal or 802.1X?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 48
Registered: ‎05-23-2014

Re: Configuring authentication with AD DS (CPPM / Instant IAP 105)

Hi Tim,

 

Thanks for the uber quick reply.

 

We aim to use a captive portal for authentication

 

TIA

 

G

Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: Configuring authentication with AD DS (CPPM / Instant IAP 105)

Yes, you'll need an AD account in the standard Domain Users group. Create an AD authentication source and define that account. Then add that authentication source to your web login service. 

 

You can then use AD attributes in your role mapping and/or enforcement policy.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 48
Registered: ‎05-23-2014

Re: Configuring authentication with AD DS (CPPM / Instant IAP 105)

Tim,

 

Thank you so much.  I will give this a try but may come back with more questions

 

Kudos my friend

 

G

Occasional Contributor II
Posts: 48
Registered: ‎05-23-2014

Re: Configuring authentication with AD DS (CPPM / Instant IAP 105)

Hi Tim,

 

Does the AD account specified in the config require elevated permissions?

 

I have tried to connect but this is failing my credentials.

 

I am going to work with our server team to see if they can find anything in the logs.

 

Is there a guide on how to configure AD as an authentication source?

 

TIA

G

Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: Configuring authentication with AD DS (CPPM / Instant IAP 105)

No, just a standard user account. Are you getting an error?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 48
Registered: ‎05-23-2014

Re: Configuring authentication with AD DS (CPPM / Instant IAP 105)

Hi Tim,

 

Nothing at all. 

 

The only hint of an error is the authentication failed error on the captive portal.

 

TIA

 

G

Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: Configuring authentication with AD DS (CPPM / Instant IAP 105)

You can test your AD source by clicking the Search Base DN link on the primary tab. If you are to browse through the directory, it is set up correctly.

When you get the error in the captive portal, what shows up in access tracker?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: