Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Configuring authentication with AD DS (CPPM / Instant IAP 105)

This thread has been viewed 0 times

  • 1.  Configuring authentication with AD DS (CPPM / Instant IAP 105)

    Posted Nov 10, 2014 11:02 AM

    Greetings All,

     

    I am looking to configure one of my SSIDs to use AD as an authentication platform. This will be to provide internal guest access to the internet only (won't allow access to internal resources).

     

    I have configure an SSID to permit access using the internal database (for guests), but was hoping to allow the new SSID to use domain credentials to allow access for internal users.

     

    Does anyone have a configuration document to show how this can be achieved? Is there anything that I need to check / do to AD DS to allow authentication (apart from provide an "admin" account with read permissions)?

     

    Can anyone let me know the maximum number of user accounts within CPPM (Version 6.3.5)

     

    TIA for any assistance / pitfalls that you may be able to help me with

     

    Gordie



  • 2.  RE: Configuring authentication with AD DS (CPPM / Instant IAP 105)

    EMPLOYEE
    Posted Nov 10, 2014 11:04 AM

    Are you trying to use a captive portal or 802.1X?



  • 3.  RE: Configuring authentication with AD DS (CPPM / Instant IAP 105)

    Posted Nov 10, 2014 11:05 AM

    Hi Tim,

     

    Thanks for the uber quick reply.

     

    We aim to use a captive portal for authentication

     

    TIA

     

    G



  • 4.  RE: Configuring authentication with AD DS (CPPM / Instant IAP 105)

    EMPLOYEE
    Posted Nov 10, 2014 11:07 AM

    Yes, you'll need an AD account in the standard Domain Users group. Create an AD authentication source and define that account. Then add that authentication source to your web login service. 

     

    You can then use AD attributes in your role mapping and/or enforcement policy.



  • 5.  RE: Configuring authentication with AD DS (CPPM / Instant IAP 105)

    Posted Nov 10, 2014 12:04 PM

    Tim,

     

    Thank you so much.  I will give this a try but may come back with more questions

     

    Kudos my friend

     

    G



  • 6.  RE: Configuring authentication with AD DS (CPPM / Instant IAP 105)

    Posted Nov 18, 2014 04:25 AM

    Hi Tim,

     

    Does the AD account specified in the config require elevated permissions?

     

    I have tried to connect but this is failing my credentials.

     

    I am going to work with our server team to see if they can find anything in the logs.

     

    Is there a guide on how to configure AD as an authentication source?

     

    TIA

    G



  • 7.  RE: Configuring authentication with AD DS (CPPM / Instant IAP 105)

    EMPLOYEE
    Posted Nov 18, 2014 06:33 AM
    No, just a standard user account. Are you getting an error?


  • 8.  RE: Configuring authentication with AD DS (CPPM / Instant IAP 105)

    Posted Nov 18, 2014 06:52 AM

    Hi Tim,

     

    Nothing at all. 

     

    The only hint of an error is the authentication failed error on the captive portal.

     

    TIA

     

    G



  • 9.  RE: Configuring authentication with AD DS (CPPM / Instant IAP 105)

    EMPLOYEE
    Posted Nov 18, 2014 07:03 AM
    You can test your AD source by clicking the Search Base DN link on the primary tab. If you are to browse through the directory, it is set up correctly.

    When you get the error in the captive portal, what shows up in access tracker?