Wireless Access

Reply
Contributor II
Posts: 52
Registered: ‎12-11-2012

Clearpass and AD sync

I have a new laptop provision. In Clearpass we are doing "computer authenication". AD is seeing the new laptop, but i am failing loggin. When i went to check Clearpass attribute, i can not find the computer.Is there a way to sync Clearpass to AD manually for the missing computer?

 

Thnx.

Chan K.

 

 

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Clearpass and AD sync

The client has to be configured for computer authentication. There is no sync that happens between ClearPass and AD. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 52
Registered: ‎12-11-2012

Re: Clearpass and AD sync

Tim, the client/computer is setup for authenication. If there is no sync between the two, i wonder how AD can see the computer. I also used LDAP Browser and was able to see the computer. But within Clearpass, i can not see the computer.

 

Thnx.

Chan K.

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Clearpass and AD sync

If you're not seeing the machine authentication in access tracker, either the device is not configured correctly or the device hasn't been rebooted or logged out recently. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 52
Registered: ‎12-11-2012

Re: Clearpass and AD sync

Thanks Tim. Just got of the phone with TAC. They find it strange also that LDAP Broswer was able to see the computer account and Clearpass could not. Aftward, TAC performed the following within Clearpass.

 

Configuration >> Authentication >> Source >> "Your AD Server" then click the Atrribute tab. Next, Click anywhere in the body to open up the Configuration Filter settting.

 

Under "Fiter Query", TAC removed the default string of "(&(&(sAMAccountName=%{Authentication:Username})(objectClass=user)))"  and save it. Finally, TAC pasted back the default string and save it.

 

Afterward, Clearpass was able to see the computer and the computer was able to authenicate sucessfully via computer authenication.

 

Thnx.

Chan K.

Search Airheads
Showing results for 
Search instead for 
Did you mean: