ClearPass admin login - via external RADIUS server
12-12-2019 03:48 AM
I just want to make sure I'm clear and up to date on this - is TACACS+ and local users the only option for admin user login to CPPM boxes? I have read that this is the case but the info was a few years old.
We have an external RADIUS server which we use for management logins to our general network equipment so it would be ideal to use this for admin login to CPPM if possible.
Re: ClearPass admin login - via external RADIUS server
12-12-2019 08:26 AM
I have the same issue you do. First they tell me to use SAML SSO for admin log in but that causes issues as our clearpass server doing management log in doesn't share same certs and has to rely on other parts of the infrastructure. If oyu use TACACS+ you can only specify 1 IP address which breaks redundancy since my 3 Clearpass for management accounts are in different subnets. This futhure puts more reliance on other parts of our network for something that needs to run independant of failures of things on the network.