Backup AD server can't work on TACACS Authentication
03-06-2015 06:33 AM
Dear all experts,
I'm implementing ClearPass with my customer. I'm implementing 3 features: dot1X, VPN and TACACS with my ClearPass. They work fine. However, my customer has some AD servers in his office and he wants ClearPass to use the backup authentication source feature. So I went to "Configuration > Authentication > Source > ..." and created an authentication source profile. After that I added backup1 and backup2 to this profile and set it on the dot1X service, VPN service and TACACS service. Then I did the testing and found that when I disconnect AD1 from the network, dot1X and VPN can still authenticate but TACACS can't. However, one thing I found is that dot1X and VPN authenticate with the AD1 source, not AD2, even though AD1 is down. So I think they use the local cache of ClearPass for authentication. However, TACACS can't authenticate. So I did "Clear cache" on this authentication source profile and tested again. I found that dot1X and VPN can correctly authenticate with AD2, but TACACS still can't authenticate. So I must connect AD1 back again, and then all 3 services can authenticate with AD1 immediately, with no need to clear any cache. So could you please help me fix TACACS so that the backup AD authentication source works?
Re: Backup AD server can't work on TACACS Authentication
03-07-2015 02:10 AM
Please open a TAC case. There could be something specific in your configuration that is preventing failover from happening, or it could be a bug.
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*