Occasional Contributor II
Posts: 36
Registered: ‎04-14-2015

User and Machine auth; plus token server

Dear Members,

 

Our customer has a strict security policy, that's why they allow wifi for their employees in the following way:

- the machine must be a member of a domain

- the user (used for windows logon) must be present in a special AD group

- if the two conditions above meet the requirements, the users have to authenticate against a Gemalto token server. Usernames in the AD are not the same as the users in the Gemalto (actually the usernames are in a Cisco ISE, and the Gemalto talks with ISE). What should I select for authorization source when I want to add a token server? (Because I cannot leave it empty.)

Is this whole scenario even supported?

Could you help me with how to configure a service for this setup?

Thank you for help in advance.

Best regards,

Guru Elite
Posts: 20,582
Registered: ‎03-29-2007

Re: User and Machine auth; plus token server

How are they implementing that security now?...or is it just a desire?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 36
Registered: ‎04-14-2015

Re: User and Machine auth; plus token server

That's the plan. We tested machine and user auth, and that worked fine. Now, they'd like to extend this with an authentication against a token server.

Guru Elite
Posts: 20,582
Registered: ‎03-29-2007

Re: User and Machine auth; plus token server

In what supplicant should they enter the token and how often? Is there already a client installed that is already authenticating tokens?

If this becomes too complicated, users will not use it...


Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 36
Registered: ‎04-14-2015

Re: User and Machine auth; plus token server

Hi cjoseph,

 

They'd like to let the user enter the credentials when they connect to the wireless network; they don't want to use a separate supplicant. So they'd like to use the Windows built-in method.

So they'd like the following (because of their strict security policy):

- give access only when a user has signed in to Windows with AD credentials and the computer is a member of the domain. If these requirements are OK and the users want to connect to the wireless network, they'd like to force them to authenticate with OTP (Gemalto).

Could you help us with how to configure ClearPass?

 

Best regards,

 

Guru Elite
Posts: 20,582
Registered: ‎03-29-2007

Re: User and Machine auth; plus token server

The Windows Supplicant does not support two factor authentication.  How do they use Gemalto now?

I am asking because, if your users are not using it currently to log in to their computers, the difficult part is integrating it into your users' existing workflow. If the users are using it currently, we might try to figure out how that is being used and add a wireless component to that...



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 36
Registered: ‎04-14-2015

Re: User and Machine auth; plus token server

I don't know how they use Gemalto now. I'll ask them, and I'll get back to you.

Community Administrator
Posts: 33
Registered: ‎11-01-2012

Re: User and Machine auth; plus token server

Check out ArubaNetworks_ClearPass_6.4.2_AuthMan8.1.pdf. It's a guide for RSA, but might give you some ideas for Gemalto depending upon what type of Gemalto implementation is being used.
