Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Join clearpass to multiple forest domain

  • 1.  Join clearpass to multiple forest domain

    Posted Jan 24, 2019 03:48 PM

    Hello community.

    I have a problem joining ClearPass to two domains that do not have a trust relationship between them (different forests). I configured two DNS servers, one from domain A and one from domain B (primary and secondary). When the primary DNS is from domain A, I have no problems joining ClearPass to domain A; the NetBIOS name appears automatically. But when I try to add it to domain B (with DNS A as primary), it doesn't resolve the NetBIOS name of domain B. If I swap the roles and configure a DNS from domain B as primary, I join domain B without problems and the NetBIOS name appears automatically. The problem with this is that authentication works fine for users from the domain whose DNS is primary, but authentication does not work for users from the domain whose DNS is secondary.

    What can I do to resolve this?

     



  • 2.  RE: Join clearpass to multiple forest domain
    Best Answer

    Posted Jan 24, 2019 03:50 PM
    The name server defined in ClearPass must be able to resolve the DCs in all of your AD forests.


  • 3.  RE: Join clearpass to multiple forest domain

    Posted Jan 24, 2019 04:21 PM

    Thanks, cappalli, for your fast response.

    At this moment the primary DNS of domain A only resolves the name of the DC of domain A, and the DNS (secondary) of domain B only resolves the DC of domain B. You say that the primary DNS needs to resolve the names of both DCs (domain A and B), is that correct?



  • 4.  RE: Join clearpass to multiple forest domain

    Posted Jan 24, 2019 04:28 PM
    Correct.
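
A way to check the requirement from the best answer before attempting the join, as an added example that is not part of the thread: it asks each name server separately for the AD domain controller locator SRV record of every forest and reports what each server cannot find. The server addresses, the domains `a.example` and `b.example`, and the function names are constructed for illustration; the real lookup assumes `dig` is installed.

```python
import subprocess

# AD publishes its domain controllers under this SRV name (DC locator record).
SRV_TEMPLATE = "_ldap._tcp.dc._msdcs.{domain}"

def dig_srv(server, name):
    """Ask one specific name server for SRV records; return target host names."""
    out = subprocess.run(
        ["dig", "+short", "+time=2", "+tries=1", f"@{server}", name, "SRV"],
        capture_output=True, text=True, check=False,
    ).stdout
    targets = []
    for line in out.splitlines():
        fields = line.split()
        # A +short SRV answer has four fields: priority weight port target.
        if len(fields) == 4 and fields[2].isdigit():
            targets.append(fields[3].rstrip("."))
    return targets

def coverage(servers, domains, query=dig_srv):
    """Map each name server to the domains whose DCs it can NOT locate."""
    gaps = {}
    for server in servers:
        gaps[server] = [d for d in domains
                        if not query(server, SRV_TEMPLATE.format(domain=d))]
    return gaps

# Constructed sample reproducing the thread: each DNS server only knows
# the domain controllers of its own forest.
SAMPLE_ZONES = {
    "10.0.1.10": {"_ldap._tcp.dc._msdcs.a.example": ["dc1.a.example"]},
    "10.0.2.10": {"_ldap._tcp.dc._msdcs.b.example": ["dc1.b.example"]},
}

def sample_query(server, name):
    """Offline stand-in for dig_srv, backed by the constructed sample data."""
    return SAMPLE_ZONES.get(server, {}).get(name, [])

if __name__ == "__main__":
    servers = ["10.0.1.10", "10.0.2.10"]
    domains = ["a.example", "b.example"]
    for server, missing in coverage(servers, domains, sample_query).items():
        status = "OK" if not missing else "cannot locate DCs for " + ", ".join(missing)
        print(f"{server}: {status}")
```

To test real servers, call `coverage(servers, domains)` without the third argument; every server configured in ClearPass should come back with an empty list.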