Security

Reply
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

[Onboard] Use Certificate and Active directory authentication

HI,
For a customer I need to modify the actual 802.1x authentication service (that use Active directory such authentication source) on ClearPass Server for allow also authentication by certificate.

In this case the customer buought Onboard license.

So I need to have a single SSID where user can authenticate or with certificate or with active Directory credential.

it is possbile?

 

Can you give me some documentation about possible configuration?

Regards
Andrea

Andrea
Guru Elite
Posts: 8,204
Registered: ‎09-08-2010

Re: [Onboard] Use Certificate and Active directory authentication

Are AD users going to be using EAP-PEAP or EAP-TLS? 

Sent from Nine

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Re: [Onboard] Use Certificate and Active directory authentication

HI,

EAP-PEAP

 

Regards

Andrea

Andrea
Guru Elite
Posts: 8,204
Registered: ‎09-08-2010

Re: [Onboard] Use Certificate and Active directory authentication

You can configure both EAP-PEAP and EAP-TLS under authentication methods. This is a widely used configuration. 

Sent from Nine

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Re: [Onboard] Use Certificate and Active directory authentication

Hi cappali,

ok but for the onboarding i have to create a secondary SSID?

 

I need some guide line to configure this feature, can you give me some guide?

 

Regards

Andrea Acampa


cappalli wrote:
You can configure both EAP-PEAP and EAP-TLS under authentication methods. This is a widely used configuration. 

Sent from Nine

 

Andrea
MVP
Posts: 1,407
Registered: ‎11-30-2011

Re: [Onboard] Use Certificate and Active directory authentication

something like this:

https://ase.arubanetworks.com/solution/id/34

 

but if these are all domain joined systems onboard doesn't seem needed.

Search Airheads
Showing results for 
Search instead for 
Did you mean: