Security

last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Active Directory Authentication for wireless users

  • 1.  Active Directory Authentication for wireless users

    Posted Oct 01, 2015 08:46 PM

    A customer wants mobile users at a university to authenticate to join in the network by making the clearpass authenticate from the active directory using dot1x.

    the mobile phones aren't joined the domain or anything, just the username and password that they will use to login are stored in the active directory, is this possible?

    how different will it be if we are authenticating machines that are joined in the domain?

    I am getting a bit confused.

    thanks in advance



  • 2.  RE: Active Directory Authentication for wireless users

    Posted Oct 01, 2015 08:48 PM

    The short answer is yes for mobile devices.  They connect rather easily.

     

    For the domain devices you will probably want to use group policy to push the wireless profiles to domain computers.



  • 3.  RE: Active Directory Authentication for wireless users

    Posted Oct 01, 2015 08:49 PM
    This is the most common deployment of 802.1X. I'm not really sure what you're asking. 


    Thanks, 
    Tim


  • 4.  RE: Active Directory Authentication for wireless users

    Posted Oct 01, 2015 08:51 PM

    If a PC is not joined in a domain but has the credentials stored on the active directory, and another PC is joined the domain,

    what is the difference in authenticating both, what changes in configuration will i have to do?



  • 5.  RE: Active Directory Authentication for wireless users

    Posted Oct 01, 2015 08:53 PM
    For user authentication, nothing is different. Machine authentication requires client side configuration via group policy. Are you working with an Aruba partner? 


    Thanks, 
    Tim


  • 6.  RE: Active Directory Authentication for wireless users

    Posted Oct 01, 2015 08:56 PM

    You mean just to enable the wired autoconfig service and enable dot1x authentication on the network connection, right?



  • 7.  RE: Active Directory Authentication for wireless users

    Posted Oct 01, 2015 08:58 PM
    No you don't need to enable anything. The wireless supplicant is enabled by default. If you are trying to do machine authentication, you should push down a group policy with the supplicant configuration. 


    Thanks, 
    Tim