Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Onboard Certificate and AD

  • 1.  Onboard Certificate and AD

    Posted Dec 16, 2019 10:26 AM

    Dear Experts,

    My question is regarding the CPPM Onboard module. The scenario is simple: when the user is authenticated from Active Directory and is onboarded (given a certificate by CPPM as root CA), what happens to future authentication requests from the same user? Since he is now being authenticated with a certificate, does this authentication also involve AD every time? The customer wants to know whether, if AD is down for maintenance (and for the query's sake, there is no AD backup etc.), the users will still be allowed to authenticate using certificates only.

    I know you may say they will not be able to log in to their machines, but I just want to give an answer to the query they have asked. They need to know: once certificate-based authentication is used, does it still authenticate with AD in the background?



  • 2.  RE: Onboard Certificate and AD

    EMPLOYEE
    Posted Dec 16, 2019 10:35 AM

    Once the device is onboarded, it uses certificates to authenticate until the certificate is valid or someone revokes the certificate.

    We can use AD as an authorization source for certificate comparison in the EAP-TLS protocol; if you are not using it as an authorization source, then it will use only certificates.

     




  • 3.  RE: Onboard Certificate and AD

    Posted Dec 16, 2019 02:38 PM

    Create a copy of the original EAP-TLS method. Remove the authorization check from the copy. Use the copied method in your RADIUS service.