Occasional Contributor II

Using AD as authentication source for MAC auth

Is it possible to do MAC auth using Active Directory as the authentication source? I have a couple of test accounts in AD that have networkAddress attributes configured with MAC addresses. Wondering if I could search AD for the MAC address and send access-accept if the user account is in AD.

Or should I just do a script that would find all the AD accounts under a certain OU that have something configured in the networkAddress attribute and push those to the endpoint repository?

Guru Elite

Re: Using AD as authentication source for MAC auth

Not really recommended. Why not just use Device Registration which is built in to the product?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Using AD as authentication source for MAC auth

All the other accounts are in AD so I was hoping to have only one place to add users and devices. If it worked, I would have also returned different VLANs based on OU structure / groups.

Guru Elite

Re: Using AD as authentication source for MAC auth

Generally you should use AD as a true identity store. A MAC address is simply a piece of authorization information.

Occasional Contributor II

Re: Using AD as authentication source for MAC auth

We have an OU, for example, for surveillance cameras. Some support 802.1X authentication, some would work only with MAC auth. There are also other devices, like some medical devices, that have different levels of 802.1X support, so I could've just configured them all in AD.
