Security

Reply

ClearPass and Active Directory

Hi guys,

 

In ClearPass we can add AD as Authentication Source (Configuration > Authentication > Sources) and joining the AD domain (Administration > Server Manager > Server Configuration > Join AD Domain).

What is the difference between both? Can we join the AD domain without adding the AD as Authentication Source? What is the use of each part?

 

Regards,

Julián

Guru Elite

Re: ClearPass and Active Directory

Domain join is required for legacy EAP methods like PEAP to validate the password. The auth source is used to derive the SID, for authorization functions and for non-EAP authentication.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: ClearPass and Active Directory

Hi,

 

Yes, for EAP-TLS ClearPass doesn't need to join the AD domain. Then when dealing with PEAP, can we join the AD domain without adding the AD as auth source?

 

Regards,

Julián

Guru Elite

Re: ClearPass and Active Directory

RE: EAP-TLs, correct
RE: PEAP, you need both

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: ClearPass and Active Directory

Ok, many thanks!

 

Regards,

Julián

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: