Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Guest - AD Authentication

This thread has been viewed 7 times

  • 1.  Clearpass Guest - AD Authentication

    Posted Oct 02, 2017 02:31 PM

    I'm brand new to Clearpass and I've been following the Clearpass Solution Guide for Wired Policy enforcement for Cisco switches, and everything is working great except a guest user that has an AD account. When they try to login with their AD account they get "Invalid username or password" and I don't see any request show up in access tracker.

     

    I've been trying to figure this out for hours, and I finally discovered the checkbox "Perform a local authentication check" in the Login Form.  I disabled this, and now AD auth is working.  Is this the correct way to allow AD authentication?  I wanted to make sure since I didn't see the Solution Guide mention anything about it.



  • 2.  RE: Clearpass Guest - AD Authentication

    EMPLOYEE
    Posted Oct 02, 2017 02:35 PM
    Yes, if you’re using AD with web login, that needs to be changed to RADIUS or Application or be disabled all together (not recommended).


  • 3.  RE: Clearpass Guest - AD Authentication

    Posted Oct 02, 2017 02:47 PM
      |   view attached

    I don't see the options you mentioned in the guest self-registration portal I am using (attached).



  • 4.  RE: Clearpass Guest - AD Authentication

    EMPLOYEE
    Posted Oct 02, 2017 02:50 PM
    You need to use a web login form to support both.


  • 5.  RE: Clearpass Guest - AD Authentication

    Posted Oct 02, 2017 02:58 PM

    Remember I'm new to this, so I might need a bit more info.  I see that I can create a separate web login page, but how do I integrate this with the self-registration portal? Thanks for the help so far!