Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass - create a rule based on OU computers

This thread has been viewed 1 times

  • 1.  Clearpass - create a rule based on OU computers

    Posted Oct 17, 2017 09:44 AM
      |   view attached

    Hi All,

    I would like to create a rule at clearpass based on OU computers.
    If the computer exists in the OU then assign a ROLE.

    But I was unable to create the LDAP filter to bring the OU information from Active Directory.

    Users currently authenticate through the aruba wireless network via 802.1x EAP-PEAP and are profilled, but do not save to the OU where they are located. only Hostname and OS.

     

    Anyone have any idea how to solve this?

     

    Thank you,

    Ed



  • 2.  RE: Clearpass - create a rule based on OU computers

    Posted Oct 17, 2017 11:46 AM
    Are you using AD as an authorization source ?


  • 3.  RE: Clearpass - create a rule based on OU computers

    Posted Oct 17, 2017 12:22 PM

    Yes. I’m using AD as an authorization source. but I was unable to create a attribute to bring the OU computers to define a Role.



  • 4.  RE: Clearpass - create a rule based on OU computers

    Posted Oct 17, 2017 12:41 PM
    Is the windows machine able to perform machine authentication ?


  • 5.  RE: Clearpass - create a rule based on OU computers

    Posted Oct 17, 2017 01:10 PM

    This thread might help you. Some environments have nested groups. 

     

    https://community.arubanetworks.com/t5/Security/Nested-groups-in-MemberOf-for-active-directory-not-being/td-p/59626



  • 6.  RE: Clearpass - create a rule based on OU computers

    EMPLOYEE
    Posted Oct 17, 2017 06:59 PM
    UserDN ENDS_WITH