Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Services for Multiple Domains

This thread has been viewed 8 times

  • 1.  Clearpass Services for Multiple Domains

    Posted Apr 20, 2015 03:01 PM

    We have two domains that are very similar. 

     

    We have students and Staff that connect and are members of seperate domains. 

     

    We found out today that there was a duplicate username out there on the two different domains. So when a student tries to connect to wireless, they end up in the staff VLAN. 

     

    Currently we have 1 service that returns the role for student or staff. My thought was that we put a seperate service for staff and students so they would only authenticate against the AD sources within the service. 

     

    I might be over complicating things. 

     

    What would you suggest is the best way to handle multiple domains with the possibility of duplicate user names? 

     

    Apparently they used to just be able to type DOMAIN/Username and that was enough to fix the issue, but now that doesn't appear to work. 



  • 2.  RE: Clearpass Services for Multiple Domains
    Best Answer

    EMPLOYEE
    Posted Apr 20, 2015 03:04 PM
    Your service could have a rule that says Full-Username BEGINS_WITH "DOMAIN\"


    Thanks,
    Tim


  • 3.  RE: Clearpass Services for Multiple Domains

    Posted Apr 20, 2015 03:13 PM

    Brilliant and simple solution. 

     

    I like your style. Thanks for the help!