Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

AD With Cppm Connection

This thread has been viewed 3 times

  • 1.  AD With Cppm Connection

    Posted Jul 13, 2020 05:40 AM

    Hello guys ,

     

    I have a question about cppm that about connection between it and AD if its use Radius Auth. or kerbores Auth .? im confused about that actually as i read about it but can't get it if they use radius or kerbores between them .

    like nad and cppm it use radius auth. but ad and cppm didn't know !

    hope to clear it for me and thanks



  • 2.  RE: AD With Cppm Connection
    Best Answer

    EMPLOYEE
    Posted Jul 13, 2020 07:15 AM

    The communication between ClearPass and Active Directory is LDAP (or LDAPS). User information like group membership, full name, department, etc is pulled over this LDAP, so it's mostly Authorization information.

     

    If you are doing EAP-PEAP-MSCHAPv2 authentication (username/password integrated with AD), just for that authentication part Kerberos is used and that is why ClearPass in such case has to join the domain. For EAP-TLS or non-802.1X authentication like Captive Portal or admin login, join is not needed and Kerberos is not used, just LDAP(S) in that case.

     

    No RADIUS needed between ClearPass and AD.



  • 3.  RE: AD With Cppm Connection

    Posted Jul 13, 2020 07:23 AM

    thank you for clear it for me ^^