It is more like an authorization timeout. If a client reconnects within the configures cache timeout, the cached attributes like group membership are used instead of them being pulled from the AD each and every time.
Authentication will happen on the ClearPass (EAP-TLS) or through the Active Directory domain join (MS-CHAPv2; deprecated!)
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Mar 14, 2021 08:34 PM
From: zhipeng ma
Subject: clearpass Active Directory Cache Timeout
hi all
I am not sure how the Active Directory Cache Timeout is calculated? When a user is successfully authenticated for the first time, will it be cached for 10 hours without going to AD for authentication?
------------------------------
leo ma
------------------------------