Occasional Contributor I
Posts: 5
Registered: ‎09-22-2011

integrate ClearPass with Lotus Domino LDAP 802.1x EAP- MS CHAP V2 authentication process

We are trying to integrate ClearPass with a Lotus Domino LDAP server for authentication of Windows clients using the 802.1x EAP-MSCHAPv2 authentication process, and it's not working. Can anybody help?

 

Guru Elite
Posts: 20,578
Registered: ‎03-29-2007

Re: integrate ClearPass with Lotus Domino LDAP 802.1x EAP- MS CHAP V2 authentication process

Sir,

 

Please see the diagram here:  http://deployingradius.com/documents/protocols/compatibility.html

 

Unless the passwords in Lotus Domino are encrypted using ClearText or NT_Hash algorithm, you cannot do MsChapV2.  Please find out what the encryption is, to determine an alternative based on the chart.

 

The bad news is if Lotus Domino does not support either ClearText or NT_Hash, you will have to install a supplicant on your Windows clients to support a different EAP type if you still want to point at the Domino server using LDAP to do encryption.

 

As an alternative, if your clients log in to a domain, you should add your ClearPass Server to that Windows domain and then set it up as an Active Directory Authentication Source http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-Add-Clear-Pass-to-Domain/ta-p/187614 install a Windows RADIUS server and have your clients authenticate to that, instead of pointing at the Lotus Domino server for authentication: http://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/ta-p/80672  You will be able to support MsChapV2 with the built-in Windows Supplicant in that setup.  It takes more effort on the server side than just pointing to the Domino server via LDAP, but you will not have to install additional software on your Windows clients, so it is preferred.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
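To find out how a directory stores passwords, as the reply above asks, one can export a few entries to LDIF and classify the stored values. This is an added example, not part of the thread; the `userPassword` and `sambaNTPassword` attributes, the RFC 2307-style `{SCHEME}` prefixes and the sample entries are assumptions, and Domino may use a different attribute and format.

```python
import base64

# MSCHAPv2 needs the cleartext password or its NT hash on the server side.
# One-way hashes (SSHA, SHA, crypt, ...) only allow methods where the client
# sends the password itself, e.g. PAP inside a TLS tunnel.
MSCHAPV2_OK = {"cleartext", "nt-hash"}

def ldif_values(ldif, attr):
    """Yield (dn, value) for one attribute, decoding 'attr:: base64' lines."""
    dn = None
    for line in ldif.splitlines():
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        is_b64 = rest.startswith(":")
        value = rest[1:].strip() if is_b64 else rest.strip()
        if is_b64:
            value = base64.b64decode(value).decode("utf-8", "replace")
        if name.lower() == "dn":
            dn = value
        elif name.lower() == attr.lower():
            yield dn, value

def scheme_of(attr, value):
    """Classify how a stored credential is protected."""
    if attr.lower() == "sambantpassword":      # Samba schema: 32 hex chars
        return "nt-hash"
    if value.startswith("{") and "}" in value:
        return value[1:value.index("}")].lower()   # e.g. ssha, sha, crypt
    return "cleartext"

def audit(ldif, attr="userPassword"):
    """Return {dn: (scheme, mschapv2_possible)} for each entry with attr."""
    report = {}
    for dn, value in ldif_values(ldif, attr):
        scheme = scheme_of(attr, value)
        report[dn] = (scheme, scheme in MSCHAPV2_OK)
    return report

# Constructed sample export (not real credentials or real hashes).
SAMPLE = "\n".join([
    "dn: cn=alice,o=example", "userPassword: {SSHA}Y29uc3RydWN0ZWQ=", "",
    "dn: cn=bob,o=example",
    "userPassword:: " + base64.b64encode(b"{SHA}constructed").decode(), "",
    "dn: cn=carol,o=example", "userPassword: sample-cleartext",
])

if __name__ == "__main__":
    for dn, (scheme, ok) in audit(SAMPLE).items():
        print(f"{dn}: {scheme} -> MSCHAPv2 {'possible' if ok else 'not possible'}")
```

Entries reported as not possible are the ones that force a different EAP type or a different authentication source.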

Occasional Contributor I
Posts: 5
Registered: ‎09-22-2011

Re: integrate ClearPass with Lotus Domino LDAP 802.1x EAP- MS CHAP V2 authentication process

We have an ARUBA TAC Case # 1621000 opened on 18th Dec 2014.

I am sure that if the solution was so simple it would have been closed by now.

Guru Elite
Posts: 20,578
Registered: ‎03-29-2007

Re: integrate ClearPass with Lotus Domino LDAP 802.1x EAP- MS CHAP V2 authentication process

nieshsbhatt,

 

I am responding based on the information that you gave in your post.  There could be more information in your case.  Very few people set up 802.1x using LDAP due to the restrictions in the chart above.

 

You could just add the ClearPass Server to the Windows Domain and then set up an Active Directory Authentication Method to avoid any issues with Domino. http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-Add-Clear-Pass-to-Domain/ta-p/187614  You can do that while you are troubleshooting your issue with Domino LDAP.


Colin Joseph
Aruba Customer Engineering

Occasional Contributor I
Posts: 5
Registered: ‎09-22-2011

Re: integrate ClearPass with Lotus Domino LDAP 802.1x EAP- MS CHAP V2 authentication process

Can you please suggest an alternative method for this, which can be easily implemented at site?

Sorry, I am new to this community and product, hence asking you some basic questions.

Guru Elite
Posts: 20,578
Registered: ‎03-29-2007

Re: integrate ClearPass with Lotus Domino LDAP 802.1x EAP- MS CHAP V2 authentication process

If you are still connected to support, you should ask them if they could help you add ClearPass to the domain instead, and issue your ClearPass a server certificate.



Colin Joseph
Aruba Customer Engineering
