05-05-2017 12:26 AM - edited 05-05-2017 12:27 AM
So, we are in the process of migrating our existing Pulse Policy Secure NAC / NAP 802.1X solution (used for both wired and wireless clients) to ClearPass Policy Manager, and I'm not quite sure if there's a straight forward migration path.
Right now, we're using EAP-TTLS as 'outer' authentication protocol, and EAP-JUAC, a proprietary Juniper / Pulse Secure authentication protocol, as 'inner' authentication protocol. A client application, Pulse Secure Client, performs the compliance and client certificate checks. Also, Pulse Secure Clients acts as a Windows credential provider plugin.
We have the requirement that our clients perform BOTH machine authentication using a pre-deployed certificate and user authentication (active directory credentials), which works just fine using the setup mentioned above.
I went through the airheads community and found some similar posts (like http://community.arubanetworks.com/t5/Security/How-to-Machine-AND-User-Authentication-in-Windows-with-Clearpass/td-p/208471 ), but not exactly what I'm looking for.
Anyways, is there a way to perform both client cert checks and user credentials checks with Aruba ClearPass? Can OnGuard be used as Windows credential provider?