I've been trying to configure TACACS with AD authentication this whole week but with no success.
Can someone tell me how to authenticate against a specific AD group? Now ClearPass is allowing all AD users to log in to network devices. I want only users in a specific AD group to be allowed to log in to network devices.
Thank you very much for your help!
How are these settings related to what ClearPass is looking for from Windows AD?
All I want is that if a user belongs to the TACACS group in Windows AD, they are authenticated, otherwise not.
Because in either the role mapping and/or enforcement you need to have a "member belongs to x group". If you share a screenshot then we can tell you if it is set up correctly.
Mine looks like:
"Tacacs-FullAccess" is the AD group where the allowed users belong to.
I switched the default to "Not_allowed" but still all AD users are able to log in to network devices.
I removed Roles from usage and set up Enforcement as under:
Now the problem is that no one is able to log in to network devices. My authentication Source is:
Problem NOT solved!
This solved the case. Thank you both for your help!
Ok so it's not done under the "Authentication" tab?
Like "Look users from this specific AD group"?