Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

AnyConnect LDAPS through ClearPass

  • 1.  AnyConnect LDAPS through ClearPass

    Posted Jun 16, 2020 01:39 PM

    We currently have our ASA going through our ClearPass server via RADIUS from ASA to ClearPass. However, with over 200 remote workers now, we would like to add the ability for them to change their AD password via AnyConnect. From reading, we need to enable LDAPS from ASA to the AAA server. Would like to somehow continue to use ClearPass to keep all logins in the same place, but not able to find LDAP as a service type. Has anyone been able to accomplish this through ClearPass?



  • 2.  RE: AnyConnect LDAPS through ClearPass

    Posted Jun 16, 2020 01:46 PM
    What do you mean by LDAP as service type?



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: AnyConnect LDAPS through ClearPass

    Posted Jun 16, 2020 02:02 PM

    We have a service for Cisco AnyConnect AAA, where the service type is RADIUS Enforcement. From what I've read, to change your password over AnyConnect it needs to use an AAA server using LDAP over SSL. We can connect right to our AD Domain Server using LDAP over SSL and it works, but would like to connect to ClearPass.



  • 4.  RE: AnyConnect LDAPS through ClearPass
    Best Answer

    MVP EXPERT
    Posted Jun 16, 2020 03:23 PM

    CPPM is a RADIUS/EAP/policy server, not an LDAP server.



  • 5.  RE: AnyConnect LDAPS through ClearPass

    Posted Jun 16, 2020 03:26 PM

    Thank you for the reply. I figured as much. I found I CAN do password changes for AD users over AnyConnect via RADIUS if I use MSCHAP instead of PAP authentication method.