Wireless Access

Reply
ajc
New Contributor
Posts: 3
Registered: ‎06-02-2017

Clearpass dependancy on SMB1 protocol for AD join and authenicate users

Hi

 

Does anybody here know if Aruba Clearpass policy servers are still dependant on SMB1 for domain join and authenticate users?

 

I think our version is as it just died when we tried to drop SMB1 and was a pain to get back working after rolling back the SMB1 disable change.  I'm waiting on an official response from our aruba solution provider but thought I'd post here too.

 

I found this thread on here http://community.arubanetworks.com/t5/forums/v3_1/forumtopicpage/board-id/unified-wired-wireless-access/thread-id/40364/page/1 

But it's old and I couldn't find any futher information if the SMB1 dependancy had been resolved. 

 

I'd like to get this confirmed before tweeting at Ned Pyle@Microsoft that Aruba Clearpass is #StillNeedsSMB1

 

https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/

 

I hope I'm wrong and they have fixed it but I'm seeing a depressing list of big names that still need SMB1 for their *nix based products. 

MVP
Posts: 1,011
Registered: ‎04-13-2009

Re: Clearpass dependancy on SMB1 protocol for AD join and authenicate users

This post from 2 weeks ago suggests that it's still required....

 

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
ajc
New Contributor
Posts: 3
Registered: ‎06-02-2017

Re: Clearpass dependancy on SMB1 protocol for AD join and authenicate users

Hi thanks I just found that thread 11 mins before you posted.

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Clearpass dependancy on SMB1 protocol for AD join and authenicate users

SMBv1 is only required when MSCHAP-based authentication protocols are being used (username/password with PEAPv0/EAP-MSCHAPv2 as an example) and is only used between ClearPass and the domain controller(s). SMBv1 is not required on client devices for network authentication and should be disabled per Microsoft's recommendation.

 

Most workflows and authentication methods used in ClearPass do not require domain join (and thus do not require SMB).

 

Some examples include:

  • Modern certificate-based authentication via EAP-TLS
  • Captive portal workflows
  • Security Assertion Markup Language (SAML)
  • OAuth2
  • Cloud identity stores like Microsoft Azure Active Directory, Google G Suite, Ping and Okta Universal Directory

 

Any questions can be directed to aruba-sirt@hpe.com

 

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: