Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Clearpass and AD sync

  • 1.  Clearpass and AD sync

    Posted Oct 12, 2015 10:54 AM

    I have a new laptop provisioned. In Clearpass we are doing "computer authentication". AD is seeing the new laptop, but I am failing login. When I went to check the Clearpass attribute, I cannot find the computer. Is there a way to sync Clearpass to AD manually for the missing computer?

     

    Thnx.

    Chan K.

     

     



  • 2.  RE: Clearpass and AD sync

    EMPLOYEE
    Posted Oct 12, 2015 11:00 AM
    The client has to be configured for computer authentication. There is no sync that happens between ClearPass and AD. 


    Thanks, 
    Tim


  • 3.  RE: Clearpass and AD sync

    Posted Oct 12, 2015 11:18 AM

    Tim, the client/computer is set up for authentication. If there is no sync between the two, I wonder how AD can see the computer. I also used LDAP Browser and was able to see the computer. But within Clearpass, I cannot see the computer.

     

    Thnx.

    Chan K.



  • 4.  RE: Clearpass and AD sync

    EMPLOYEE
    Posted Oct 12, 2015 11:20 AM
    If you're not seeing the machine authentication in access tracker, either the device is not configured correctly or the device hasn't been rebooted or logged out recently. 


    Thanks, 
    Tim


  • 5.  RE: Clearpass and AD sync

    Posted Oct 12, 2015 11:34 AM

    Thanks Tim. Just got off the phone with TAC. They find it strange also that LDAP Browser was able to see the computer account and Clearpass could not. Afterward, TAC performed the following within Clearpass.

     

    Configuration >> Authentication >> Source >> "Your AD Server" then click the Attribute tab. Next, click anywhere in the body to open up the Configuration Filter setting.

     

    Under "Filter Query", TAC removed the default string of "(&(&(sAMAccountName=%{Authentication:Username})(objectClass=user)))" and saved it. Finally, TAC pasted back the default string and saved it.

     

    Afterward, Clearpass was able to see the computer and the computer was able to authenticate successfully via computer authentication.

     

    Thnx.

    Chan K.