Security

Hi all,

I was wondering if anybody could tell me what the current best practice is to handle User & Machine Authentications against Active Directory with CPPM. More specifically, how to differentiate between the following scenarios and apply different roles for:

1. Successful Machine Auth & Successful User Auth
2. Successful Machine Auth & Failed User Auth
3. Failed Machine Auth & Successful User Auth

I've found some good documentation with very specific configuration, but some is 3 - 5 years old so don't want to go down the rabbit hole if ClearPass now has inbuilt methods to make this easier.

Bonus points for any links or examples :-)

Thanks heaps!

-Brett

This 1 is still vald:

https://community.arubanetworks.com/t5/Security/How-to-MACHINE-AND-USER-AUTHENTICATION-IN-WINDOWS-WITH-CLEARPASS/td-p/227580

You can give any enforcement you would like based on a user auth, machine auth, or combination of both. 

Only user auth is basicly BYOD. Only machine auth is just a corp laptop without an active user session, so in that case give it a role with access to AD and maybe some important antivirus/update servers.

Thank you Fabian,

I've seen this but wasn't sure if it was still valid. I will give it a go within the next week or so and report back.

-Brett