New Contributor

AnyConnect LDAPS through ClearPass

We currently have our ASA going through our ClearPass server via RADIUS from ASA to ClearPass. However, with over 200 remote workers now, we would like to add the ability for them to change their AD password via AnyConnect. From reading, we need to enable LDAPS from ASA to the AAA server. Would like to somehow continue to use ClearPass to keep all logins in the same place, but not able to find LDAP as a service type. Has anyone been able to accomplish this through ClearPass?


Accepted Solutions
Frequent Contributor I

Re: AnyConnect LDAPS through ClearPass

CPPM is a RADIUS/EAP/policy server, not an LDAP server.



All Replies
MVP Expert

Re: AnyConnect LDAPS through ClearPass

What do you mean by LDAP as service type?



Thank you

Victor Fabian

Pardon typos sent from Mobile
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor

Re: AnyConnect LDAPS through ClearPass

We have a service for Cisco AnyConnect AAA, where the service type is RADIUS Enforcement. From what I've read, to change your password over AnyConnect it needs to use an AAA server using LDAP over SSL. We can connect right to our AD Domain Server using LDAP over SSL and it works, but would like to connect to ClearPass.

Frequent Contributor I

Re: AnyConnect LDAPS through ClearPass

CPPM is a RADIUS/EAP/policy server, not an LDAP server.


New Contributor

Re: AnyConnect LDAPS through ClearPass

Thank you for the reply. I figured as much. I found I CAN do password changes for AD users over AnyConnect via RADIUS if I use MSCHAP instead of the PAP authentication method.
