Security

last person joined: 5 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass Authentication via LDAP

This thread has been viewed 7 times

  • 1.  ClearPass Authentication via LDAP

    Posted Sep 26, 2018 10:20 AM

    Hi all,

    Simple question I think.....

    Can ClearPass use LDAP as an authentication source where it simply does an authentication bind as the wireless user with their provided cleartext password?

    It looks like my current config actually pulls down the user's password (ntlm encrypted) as part of its authentication process. Is it doing that so clearpass itself can decide if the users password matches that ntlm has?

    I'd much rather clearpass not retrieve or store user passwords.

    Possible?



  • 2.  RE: ClearPass Authentication via LDAP

    EMPLOYEE
    Posted Sep 26, 2018 10:24 AM
    ClearPass does not store user credentials unless you’re using ClearPass as the identity store.

    Using generic LDAP requires the use of EAP-TTLS or PEAPv1/EAP-GTC which requires either a custom supplicant or configuration profile to be installed on many platforms.

    EAP-TLS is the only recommended secure EAP method today.