Regular Contributor I

Clearpass Services for Multiple Domains

We have two domains that are very similar. 


We have students and Staff that connect and are members of seperate domains. 


We found out today that there was a duplicate username out there on the two different domains. So when a student tries to connect to wireless, they end up in the staff VLAN. 


Currently we have 1 service that returns the role for student or staff. My thought was that we put a seperate service for staff and students so they would only authenticate against the AD sources within the service. 


I might be over complicating things. 


What would you suggest is the best way to handle multiple domains with the possibility of duplicate user names? 


Apparently they used to just be able to type DOMAIN/Username and that was enough to fix the issue, but now that doesn't appear to work. 

Guru Elite

Re: Clearpass Services for Multiple Domains

Your service could have a rule that says Full-Username BEGINS_WITH "DOMAIN\"


| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Regular Contributor I

Re: Clearpass Services for Multiple Domains

Brilliant and simple solution. 


I like your style. Thanks for the help!

Search Airheads
Showing results for 
Search instead for 
Did you mean: