Hello,
I am attempting to configure ClearPass to authenticate users using AD credentials or certificates. If a user provides AD credentials or a certificate that's accepted, then I would like that user to be placed on the Network Access VLAN. If a user fails to authenticate, then I would like to put them on a Guest VLAN. The RADIUS connection between my Aruba wireless controller and ClearPass appears to be working properly because AD users are permitted to use the wireless network. I used the Aruba 802.1X Wireless setup wizard under "Start Here" in ClearPass, but that just ends up authenticating all AD users. Is there a way to distinguish between AD users? I currently have a rule in the enforcement policy that states only an AD user that CONTAINS the string "exampleUser" should get the enforcement profile that permits them to use the network. Otherwise, I have a default enforcement profile called Guest VLAN, which is supposed to put them on VLAN 20. However, this setup doesn't appear to work the way that I intended. Everyone in the domain is just automatically admitted to use the network. Any idea what I am doing wrong?