Network Management

hi all
    I am not sure how the Active Directory Cache Timeout is calculated? When a user is successfully authenticated for the first time, will it be cached for 10 hours without going to AD for authentication?

------------------------------
leo ma
------------------------------

It is more like an authorization timeout. If a client reconnects within the configures cache timeout, the cached attributes like group membership are used instead of them being pulled from the AD each and every time.

Authentication will happen on the ClearPass (EAP-TLS) or through the Active Directory domain join (MS-CHAPv2; deprecated!)

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Mar 14, 2021 08:34 PM
From: zhipeng ma
Subject: clearpass Active Directory Cache Timeout

hi all
    I am not sure how the Active Directory Cache Timeout is calculated? When a user is successfully authenticated for the first time, will it be cached for 10 hours without going to AD for authentication?

------------------------------
leo ma
------------------------------

hi Robers
  Thank you for your reply, I consulted tac, the account password authentication will go to AD every time, but the attribute information of the account is cached. The machine verification will be cached for 24 hours.
  Sorry my english is not very good,


------------------------------
leo ma
------------------------------

Original Message:
Sent: Mar 15, 2021 03:47 AM
From: Herman Robers
Subject: clearpass Active Directory Cache Timeout

It is more like an authorization timeout. If a client reconnects within the configures cache timeout, the cached attributes like group membership are used instead of them being pulled from the AD each and every time.

Authentication will happen on the ClearPass (EAP-TLS) or through the Active Directory domain join (MS-CHAPv2; deprecated!)

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Mar 14, 2021 08:34 PM
From: zhipeng ma
Subject: clearpass Active Directory Cache Timeout

hi all
    I am not sure how the Active Directory Cache Timeout is calculated? When a user is successfully authenticated for the first time, will it be cached for 10 hours without going to AD for authentication?

------------------------------
leo ma
------------------------------