Security

Reply
Occasional Contributor II
Posts: 14
Registered: ‎01-06-2012

NAP with Clearpass - Client IP isn't being sent to clearpass

[ Edited ]

I'm hoping someone else has come across this before.  I have CPPM 6.1 and have wired and wireless clients authenticating against active directory.  

 

When I try and integrate NAP into the setup, I receive the error below

 

No credentials received for Radius posture server=NAP Test

 

I've enabled NAP in DHCP and in NPS.  I'd been using the NPS for my 802.1x authentication prior to purchasing CPPM.  If anyone has come across this, I'd really appreciate any pointers you have.  I have the service started on the client machines and the settings are being pushed out via a GPO.

 

Thanks,
Robert

 

MVP
Posts: 2,923
Registered: ‎10-25-2011

Re: NAP with Clearpass - Client IP isn't being sent to clearpass

Hello Robert

Can you explain me better your setup?

 

Who is the radius server? it is the CPPM?

 

If its the clearpass policy manager

What is your config?

Did you join the CPPM to the domain?

Who is your CA? it is the CPPM or do you have a windows pki Infraestructure which is acting as CA? or you bought a certificate?

 

We are poor information to help you or at least i do.

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Occasional Contributor II
Posts: 14
Registered: ‎01-06-2012

Re: NAP with Clearpass - Client IP isn't being sent to clearpass

Sorry this took so long.  I was pulled into another project.

 

I'm using a clearpass for the radius server and I have joined the CPPM to the domain.  We have a Windows PKI infrastructure and I've added the certificates to the CPPM.  CPPM also has a certificate we bought so that guest users aren't prompted to install a certificate.

 

I've searched for documentation for how to add NAP to an external device.  Am I correct that CPPM should act as the authenticator between the Windows devices and the authentication server and that CPPM will then query the MS server running NAP for posture information?

 

The way it's setup now is

 

Client -> Switch/Controller (my CPPM is set as the RADIUS server) ->CPPM (authenticates the client via either mac auth or an AD lookup depending on the type of device) ->NAP (setup in CPPM as a posture server.)

 

I hope this makes more sense.  If you or anyone has any suggestions or questions, I'll be sure to answer them quickly.

 

Thanks,
Robert

Search Airheads
Showing results for 
Search instead for 
Did you mean: