Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Why must we join the AD domain to use the new auth source?

  • 1.  Why must we join the AD domain to use the new auth source?

    Posted Jul 06, 2015 05:09 AM

    Hi,

    We have an open SSID that will allow employees to access the internet after captive portal authentication through ClearPass Guest.

    The accounts used to authenticate employees will be stored in the enterprise Active Directory, so far so good…

    The problem is that ClearPass is deployed in a public zone, and for security and network architecture reasons, we can't join the ClearPass CPPM to the home AD domain...

    Is there a solution to authenticate the guest user against an external AD auth source without joining the CPPM to the AD?

    For your information:

    I tried to only add an authentication source to bind the AD LDAP in my RADIUS Guest Access Service, but I get an error...

    Regards

    Yann



  • 2.  RE: Why must we join the AD domain to use the new auth source?

    EMPLOYEE
    Posted Jul 06, 2015 06:14 AM
    What authentication method are you using in your service?

    Also, what error are you seeing?


    Thanks,
    Tim


  • 3.  RE: Why must we join the AD domain to use the new auth source?

    Posted Jul 06, 2015 09:31 AM

    Hi Tim,

    Thanks for your quick answer,

    I use "PAP" as the authentication method.

    And the error is:


    Alerts -
    Error Code: 201
    Error Category: Authentication failure
    Error Message: User not found
    Alerts for this Request -
    RADIUS: AD2008 - AD2008.int.xxxx.grp: User not found.
    Cannot select appropriate authentication method



  • 4.  RE: Why must we join the AD domain to use the new auth source?
    Best Answer

    Posted Jul 06, 2015 10:09 AM

    Hi,

    We need to join the AD to CPPM when we are doing MSCHAP V2/EAP TLS etc. For PAP it is not necessary.

    As a workaround, check which format (UPN or something else) the CPPM is using to search for the user details.

    Please feel free to ask for any further help on this.



  • 5.  RE: Why must we join the AD domain to use the new auth source?
    Best Answer

    Posted Jul 08, 2015 11:46 AM

    Thanks
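
Added example (not part of the thread and not ClearPass code): the Best Answer's suggestion to check which username format the LDAP search uses, shown as a small simulation of why a lookup returns "User not found" when the typed login does not match the attribute in the filter. The filter shape, the directory entry `jdoe@corp.example` and all function names are assumptions made for illustration.

```python
# Added example: an LDAP user lookup fails with "User not found" when the login
# format (UPN, DOMAIN\user, bare) does not match the attribute being searched.
# The filter shape and the directory entry are constructed, not ClearPass config.

RFC4515_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# Constructed sample entry standing in for one AD user object.
DIRECTORY = [{"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@corp.example"}]


def escape_filter_value(value):
    """Escape a value before placing it in an LDAP search filter (RFC 4515)."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def classify(login):
    """Return (format, account, realm) for a login as typed in the portal."""
    if "\\" in login:
        realm, account = login.split("\\", 1)
        return "down-level", account, realm
    if "@" in login:
        account, realm = login.rsplit("@", 1)
        return "upn", account, realm
    return "bare", login, None


def build_filter(attribute, value):
    """Build a user search filter that matches on a single attribute."""
    return "(&(objectClass=user)(%s=%s))" % (attribute, escape_filter_value(value))


def found(attribute, value):
    """Simulate the equality match; AD compares both attributes case-insensitively."""
    return any(e[attribute].lower() == value.lower() for e in DIRECTORY)


def diagnose(login):
    """Report which attribute the login matches as typed, and the filter a
    sAMAccountName search needs once the realm or domain prefix is stripped."""
    fmt, account, _realm = classify(login)
    return {
        "format": fmt,
        "sam_as_typed": found("sAMAccountName", login),
        "upn_as_typed": found("userPrincipalName", login),
        "sam_filter_normalized": build_filter("sAMAccountName", account),
    }
```

Calling `diagnose("jdoe@corp.example")` shows the login matching only on `userPrincipalName`, so a filter built on `sAMAccountName` finds no user until the realm is stripped.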