Security

 View Only
last person joined: 20 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Adding secondary AD to Auth Source but can not make it trusted without certificate

This thread has been viewed 10 times
  • 1.  Adding secondary AD to Auth Source but can not make it trusted without certificate

    Posted Aug 05, 2022 04:33 AM
    Hello,

    We have two different forest and two different Domains. We want to add secondary AD to the Auth source of a new service. The Clearpass joined both AD's but we couldn't add the second certificate without overriding the first one. And without certificate clients are not trusted. I am wondering how to make clearpass trust the second AD without adding the certificate? Thanks.


  • 2.  RE: Adding secondary AD to Auth Source but can not make it trusted without certificate

    EMPLOYEE
    Posted Aug 05, 2022 08:00 AM
    Are you using EAP-PEAP or EAP-TLS?
    If EAP-TLS are you looking "authenticate" certificates from both domains and then "authorize" with the username on the certificate after that?
    What is your workflow?

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 3.  RE: Adding secondary AD to Auth Source but can not make it trusted without certificate

    Posted Aug 08, 2022 02:19 AM
    Hello,

    you can also create 2 similar services with matching rule on the username that contains the domain name and use 2 services certificates

    Regards

    Christian