Security

Contributor I
Posts: 29
Registered: ‎09-10-2007

We have several domains, and are looking into using Clearpass for authenticating against AD


Hello,

 

We have several domains, and are looking into using ClearPass for authenticating against AD with MSCHAPv2.

As it is stated that ClearPass must be joined to the domain, would this work if there was a one-way trust between the domains?

 

Regards Peter

Guru Elite
Posts: 20,001
Registered: ‎03-29-2007

Re: We have several domains, and are looking into using Clearpass for authenticating against AD

You should add ClearPass to all domains that you want to authenticate to. If you have multiple SSIDs, you can use ClearPass to first check what SSID the user is authenticating to and then only check the user's credentials against the domain that corresponds with that SSID.

 

If you have a single SSID for all users in all domains, you need the following:

 

- All users in all domains must trust the ClearPass RADIUS certificate.

- ClearPass must be joined to all domains correctly and be able to reach domain controllers in all domains. This means that DNS must be able to resolve resources from all domains.

- All clients must be configured correctly to connect to that single SSID.

 

**Consolidating multiple domains into a single SSID involves a lot of work, and typically you should try to maintain whatever connectivity exists and then migrate to a single SSID later.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs