We currently have our ASA going through our ClearPass server via RADIUS from ASA to ClearPass. However, with over 200 remote workers now, we would like to add the ability for them to change their AD password via AnyConnect. From reading, we need to enable LDAPS from ASA to the AAA server. Would like to somehow continue to use ClearPass to keep all logins in the same place, but not able to find LDAP as a service type. Has anyone been able to accomplish this through ClearPass?
We have a service for Cisco AnyConnect AAA, where the service type is RADIUS Enforcement. From what I've read, to change your password over AnyConnect it needs to use a AAA server using LDAP over SSL. We can connect right to our AD Domain Server using LDAP over SSL and it works, but would like to connect to ClearPass.
CPPM is a RADIUS/EAP/policy server, not an LDAP server.
Thank you for the reply. I figured as much. I found I CAN do password changes for AD users over AnyConnect via RADIUS if I use MSCHAP instead of the PAP authentication method.