07-06-2015 02:09 AM
We have an open SSID will allow employees to access the internet after a captive portal authentication across the ClearPass Guest.
The accounts to authenticate employees will be store on the Active Directory of enterprise, so far so good …
The problem is that the Clearpass is deploy in a public zone, and for the security’s and network architecture reasons, we can’t join the Clearpass CPPM in the home domain AD...
Is there an solution to authenticate the guest user across an external auth source AD without join the CPPM in the AD ?
For your information :
I try to only add an authentication source for bind the AD LDAP in my RADIUS Guest Acess Service but i get an error ...
Solved! Go to Solution.
07-06-2015 03:13 AM
Also, what error are you seeing?
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
07-06-2015 06:31 AM
Thanks for your quickly answer,
I use "PAP" for authentification method
And the error is :
Error Code: 201
Error Category: Authentication failure
Error Message: User not found
Alerts for this Request -
RADIUS: AD2008 - AD2008.int.xxxx.grp: User not found.\nCannot select appropriate authentication method
07-06-2015 07:09 AM
We need to join the AD to CPPM when we are doing MSCHAP V2/ EAP TLS etc. for PAP we it is not necessary.
As a work around you check which format( UPN or something else) the CPPM is searching for the user details.
Please feel free for any further help on this.
[Is my post helped you ? Give Kudos :) ]