Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Why must we join the AD domain to use the new auth source?

Hi,

We have an open SSID that will allow employees to access the internet after captive portal authentication through ClearPass Guest.

The accounts used to authenticate employees will be stored in the enterprise Active Directory, so far so good…

The problem is that the ClearPass is deployed in a public zone, and for security and network architecture reasons, we can't join the ClearPass CPPM to the home AD domain...

Is there a solution to authenticate the guest user against an external AD auth source without joining the CPPM to the AD?

For your information:

I tried to only add an authentication source to bind the AD LDAP in my RADIUS Guest Access Service, but I get an error...

Regards,

Yann

Guru Elite
Posts: 8,466
Registered: ‎09-08-2010

Re: Why must we join the AD domain to use the new auth source?

What authentication method are you using in your service?

Also, what error are you seeing?


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: Why must we join the AD domain to use the new auth source?

Hi Tim,

Thanks for your quick answer.

I use "PAP" as the authentication method.

And the error is:

Alerts -
Error Code: 201
Error Category: Authentication failure
Error Message: User not found
Alerts for this Request -
RADIUS: AD2008 - AD2008.int.xxxx.grp: User not found.\nCannot select appropriate authentication method

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Why must we join the AD domain to use the new auth source?

Hi,

We need to join the AD to CPPM when we are doing MSCHAP V2 / EAP TLS etc. For PAP it is not necessary.

As a workaround, check which format (UPN or something else) the CPPM is using when searching for the user details.

Please feel free to ask for any further help on this.

Cheers,
Venu Puduchery,
[Did my post help you? Give Kudos :) ]
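
An added example, not part of the thread and not ClearPass code: a small Python model of the username-format check suggested above, showing how a lookup that always searches one attribute returns "User not found" for a UPN, and how submitted names are escaped before they enter an LDAP filter. The directory entries, the `int.example.grp` domain, the attribute mapping and the `fixed_attribute` parameter are all assumptions made for illustration.

```python
# Added example: constructed data, not ClearPass's own query or filter.
import re

# Constructed directory entries standing in for AD user objects.
DIRECTORY = [
    {"sAMAccountName": "yann", "userPrincipalName": "yann@int.example.grp"},
    {"sAMAccountName": "venu", "userPrincipalName": "venu@int.example.grp"},
]

# RFC 4515 characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape special characters so user input cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def normalize(username):
    """Map a submitted name to the (attribute, value) pair to search on."""
    if "\\" in username:                     # DOMAIN\user -> bare account name
        return "sAMAccountName", username.split("\\", 1)[1]
    if "@" in username:                      # user@domain -> UPN
        return "userPrincipalName", username
    return "sAMAccountName", username        # bare account name

def build_filter(username, fixed_attribute=None):
    """fixed_attribute (hypothetical) models an auth source that always
    searches a single attribute, whatever format the user typed."""
    attribute, value = normalize(username)
    if fixed_attribute:
        attribute, value = fixed_attribute, username
    return "(&(objectClass=user)(%s=%s))" % (attribute, escape_filter_value(value))

def search(ldap_filter):
    """Minimal evaluator for the single-attribute filters built above."""
    attribute, escaped = re.search(r"\(([A-Za-z]+)=([^)]*)\)\)$", ldap_filter).groups()
    value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), escaped)
    return [e for e in DIRECTORY if e[attribute].lower() == value.lower()]

def lookup(username, fixed_attribute=None):
    """Return the matched account name, or the failure text seen in the alert."""
    hits = search(build_filter(username, fixed_attribute))
    return hits[0]["sAMAccountName"] if len(hits) == 1 else "User not found"
```

Comparing `lookup(name)` with `lookup(name, fixed_attribute="sAMAccountName")` for the name format the captive portal actually submits shows whether the failure comes from the search attribute or from a missing account.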
Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: Why must we join the AD domain to use the new auth source?

Thanks 
