Occasional Contributor II

Does ClearPass run with two different directory systems?

One of our customers wants to migrate from his LINUX LDAP directory system to Microsoft AD directory server.

Question: Is it possible to connect both the LDAP directory server and the new Microsoft AD server with ClearPass, and then gradually migrate the ClearPass rules from the LINUX LDAP server to the Microsoft AD server?

Has anyone done such a migration already?

Thanks for any input in advance.

Frequent Contributor II

Re: Does ClearPass run with two different directory systems?

Hello,

Yes, ClearPass can run two different authentication sources. Assuming you are doing EAP-MSCHAPv2 authentications, make sure ClearPass is joined to the AD domain. In the service where you have LDAP authentication running correctly, you can map the AD as primary authentication source and LDAP as secondary. If ClearPass cannot find the user in the AD, it will fall back to LDAP for authentication.

Hope this helps.

--

-If you got what you need with my answer, please give kudos and mark it as solution.
Occasional Contributor II

Re: Does ClearPass run with two different directory systems?

Hello Mohammed,

Thanks for your answer. One question that I still have is where can I set which directory service is primary and which should be secondary?

Is this depending on the position from the service?

Many thanks

Guru Elite

Re: Does ClearPass run with two different directory systems?

How are your clients configured for authentication now? That will determine your path moving forward.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Does ClearPass run with two different directory systems?

EAP-TLS

Guru Elite

Re: Does ClearPass run with two different directory systems?

EAP-TLS does not use username and password. Directory services would only come into play to check if the account in the certificate is still valid, really.

Occasional Contributor II

Re: Does ClearPass run with two different directory systems?

In this network we have only one "Corporate SSID". If you connect to the Corporate SSID you will be forwarded to the Captive Portal and then you go through a self-registration process. If you are an Employee, Student, or IT-Staff (we have EAP-TLS, so a certificate will also be installed on your device), you can connect to the WLAN/LAN. If you are a visitor you are asked to type in the contact person's e-mail address to be connected. For Employees, Students and the IT-Staff, OU=Groups exist in the LDAP server. So when the type of user for CP is clear, CP will set the relevant roles to the user and give them access.

Guru Elite

Re: Does ClearPass run with two different directory systems?

Are you using onboard?


Occasional Contributor II

Re: Does ClearPass run with two different directory systems?

Yes

Guru Elite

Re: Does ClearPass run with two different directory systems?

You would just have to have ClearPass authenticate to the new Active Directory, if you switch over, to onboard your users.

I will let others weigh in on the migration strategy here.

