We worked with an Aruba TME and are preparing to deploy 6.12.1 in production, replacing our 6.9.x cluster. We are currently waiting on some of our new network infrastructure to be ready for this. I have a greenfield configuration in a Lab 6.12.1 VM that will be our initial starting point.
Original Message:
Sent: Apr 19, 2024 02:41 AM
From: EnzoJ
Subject: Entra AD with Intune
After more research, I found out that it was an Intune machine certificate.
And because you mention that we must use the UPN, it didn't return anything.
In the release notes of 6.12 I found out that I can use device groups in ClearPass in that version.
Issue is that this is a production environment and I don't like the vanilla versions.
Or is 6.12.1 OK to run in a production environment? Does anyone have experience with it?
Original Message:
Sent: Apr 18, 2024 12:24 PM
From: Herman Robers
Subject: Entra AD with Intune
Do you see any data coming in from your Entra ID (Azure AD in ClearPass 6.11) Authorization Source?
Check my presentation from Atmosphere Brussels last year. Entra ID needs the User Principal Name (UPN) to get authorization (including Group Membership) information. Device membership is as far as I know not yet available.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Apr 18, 2024 06:49 AM
From: EnzoJ
Subject: Entra AD with Intune
Hey Everyone,
I set up an Intune extension with EAP-TLS on a ClearPass 6.11.7 cluster.
Without any issues and working fine, but we want to remove the on-prem AD and go to Entra AD.
Since there is integration in 6.11 I added the tenant ID etc. in the source of ClearPass and tested the connection.
Which was successful.
So far so good.
Now I want to see in which group the device or user is in.
I added the authentication source in the authorization list.
But when I do the dot1x authentication I don't see any groups coming by.
Also in the logs I don't see any errors.
All the Intune attributes I can perfectly see.
What am I doing wrong?