Log in to ask questions, share your expertise, or stay connected to content. Don’t have a login? Join now.
Q:
Can we use 'Kerberos authentication source' to authenticate users for an Application authentication or Web authentication request? Like 'Guest operator login' or 'Onguard user authentication'?
A:
We cannot use 'Authentication source - Type' as Kerberos to authenticate user for a Application authetnication or WEB authentication request. This is not supported in Clearpass 6.4.x, 6.5.x and 6.6.x versions. When a Kerbrose authentication source is mapped to a custom 'Guest Operator Login' service, we will get the below error message rejecting the request.
If we place the Policy service module in DEBUG, below are the Dashboard log outputs:
Request Log:
If the user is not found in the authorization source, still the same error message could be displayed with the below message.
Workaround:
It is recommend to use 'Generic LDAP' as 'Authentication source - Type' instead of 'Kerberos'.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.