last person joined: 6 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Authentication via LDAP

  • 1.  ClearPass Authentication via LDAP

    Posted Sep 26, 2018 10:20 AM

    Hi all,

    Simple question I think.....

    Can ClearPass use LDAP as an authentication source where it simply does an authentication bind as the wireless user with their provided cleartext password?

    It looks like my current config actually pulls down the user's password (ntlm encrypted) as part of its authentication process. Is it doing that so clearpass itself can decide if the users password matches that ntlm has?

    I'd much rather clearpass not retrieve or store user passwords.


  • 2.  RE: ClearPass Authentication via LDAP

    Posted Sep 26, 2018 10:24 AM
    ClearPass does not store user credentials unless you’re using ClearPass as the identity store.

    Using generic LDAP requires the use of EAP-TTLS or PEAPv1/EAP-GTC which requires either a custom supplicant or configuration profile to be installed on many platforms.

    EAP-TLS is the only recommended secure EAP method today.