Security

last person joined: 12 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Using AD as authentication source for MAC auth

This thread has been viewed 1 times

  • 1.  Using AD as authentication source for MAC auth

    Posted Apr 09, 2019 10:57 AM

    Is it possible to do MAC auth using Active Directory as the authentication source? I have couple test accounts in AD that have networkAddress attributes configured with MAC addresses. Wondering if I could search AD for the MAC address and send access-accept if the user account is in AD

     

    Or should I just do a script that would find all the AD accounts under certain OU that have something configured in networkAddress attribute and push those to endpoint repository?



  • 2.  RE: Using AD as authentication source for MAC auth

    EMPLOYEE
    Posted Apr 09, 2019 10:59 AM
    Not really recommended. Why not just use Device Registration which is built in to the product?


  • 3.  RE: Using AD as authentication source for MAC auth

    Posted Apr 09, 2019 11:00 AM

    All the other accounts are in AD so I was hoping to have only one place to add users and devices. If it worked, I would have also returned different VLANs based on OU structure / groups.



  • 4.  RE: Using AD as authentication source for MAC auth

    EMPLOYEE
    Posted Apr 09, 2019 11:03 AM
    Generally you should use AD as a true identity store. A MAC address is simply a piece of authorization information.


  • 5.  RE: Using AD as authentication source for MAC auth

    Posted Apr 09, 2019 11:08 AM

    We have an OU for example for surveillance cameras. Some support 802.1X authentication, some would work only with MAC auth. Theres also other devices like some medical devices that have different level of 802.1X support, so I could've just configured them all in AD