OMG! Thank you for this level of detail.
Just in case we use certificates, you are talking about EAP-TLS, right?
Yes, I know EAP-TEAP, but the problem here is that not all computers have Windows 10. We will use MSCHAPv2 instead of PAP, because it is more secure, so we need to join.
If we have already joined using the local DC FQDN and the admin account, what are those passwords? We need to configure two local DCs for redundancy purposes; how should we do that?
The documentation says that it is possible to configure one AD and leave it to request to different DCs by itself. Is this right? What is the difference between this configuration and configuring several DCs manually?
I still don't understand why ClearPass separates authentication (AD join) and authorization (auth source). I thought that in the authentication source we should configure only the shared AD (only one), not each DC. Is the traffic routed by the local subscribers for authorization too? How can ClearPass put together these two processes if they are configured separately (we could have different DCs for auth and join)?
Finally, we will have 5 sites, with 5 pairs of subscribers and 5 pairs of DCs (same AD, primary and redundant DC). What is the best approach from your point of view for this scenario (we cannot use the DNS option)? Thank you so much!