Well that's simply too logical.
Original Message:
Sent: Apr 19, 2024 12:57 PM
From: chulcher
Subject: Location specific authentication servers
Set your Auth Source primary target to the domain name rather than a specific DC, DNS should return a result based on the configured site.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Apr 19, 2024 12:52 PM
From: MyScreenName
Subject: Location specific authentication servers
Thanks Carson. That will take care of it for authentications.
Now if I understand correctly, the AD domain connection is only used for MSCHAPV2 logins. All the attributes are pulled using LDAP from the AD server(s) in the authentication source. I think I can do some geo-dns hacks to make that work.
Friday is funday. :)
Original Message:
Sent: Apr 19, 2024 11:59 AM
From: chulcher
Subject: Location specific authentication servers
The topic "Adding a Password Server" is what I think you are after.
https://www.arubanetworks.com/techdocs/ClearPass/6.12/PolicyManager/Content/CPPM_UserGuide/Admin/ServerConfig_editsystemtab.htm#B926210353
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Apr 19, 2024 11:10 AM
From: MyScreenName
Subject: Location specific authentication servers
Is it possible to select an authentication server based on the controller used?
I have a 4 node CPPM cluster, authenticating to a primary and backup AD controller on our main campus. One of those nodes is on a remote campus, and I'd like to have it use a local AD controller rather than authenticating across the WAN.
I can create a unique authentication server, and I can create a unique service to use it based on the NAS ID, but is there a better and less manual way?
This is for eduroam, so switching from passwords to certificates is not an option.