802.1X Service Enforcement: Certificate Device Hostname
3 weeks ago - last edited 3 weeks ago
As part of my 802.1X service for Windows PCs in ClearPass, I want to have an enforcement condition that allows me to look at the hostname in the device certificate and see if it's a valid hostname in AD.
Is this possible?
Any help here would be appreciated.
Thanks in advance,
Re: 802.1X Service Enforcement: Certificate Device Hostname
2 weeks ago
Yes, for sure. If you're using a computer certificate, the certificate should have the name of the computer.
Put your Active Directory as a source of authentication and then create a role mapping for your service which will query the Active Directory to check multiple things, like: if the computer is trusted, if the computer is still active, etc.
Please find an example in the screenshot.
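
The lookup described in the reply above, sketched as an added example (not part of the thread and not ClearPass configuration): it turns the name from a machine certificate into an LDAP filter that matches only an enabled AD computer account. The function names, the `host/` prefix handling and the 15-character hostname rule are assumptions of this sketch.

```python
import re

# AD's bitwise-AND matching rule and the userAccountControl "disabled" flag.
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"
UAC_ACCOUNTDISABLE = 0x2

def escape_filter_value(value: str) -> str:
    """Escape RFC 4515 special characters so a certificate-supplied
    name cannot change the structure of the LDAP filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def host_from_cert_name(name: str) -> str:
    """Reduce a CN / SAN dNSName such as 'PC01.corp.example' (optionally
    prefixed 'host/') to the short computer name."""
    name = name.strip()
    if name.lower().startswith("host/"):
        name = name[5:]
    short = name.split(".", 1)[0]
    # Assumption: computer names are 1-15 letters, digits or hyphens.
    if not re.fullmatch(r"[A-Za-z0-9-]{1,15}", short):
        raise ValueError("unexpected hostname in certificate: %r" % name)
    return short

def enabled_computer_filter(cert_name: str) -> str:
    """Filter matching the computer object for this certificate name,
    only if the account is not disabled."""
    sam = escape_filter_value(host_from_cert_name(cert_name) + "$")
    return (
        "(&(objectCategory=computer)"
        f"(sAMAccountName={sam})"
        f"(!(userAccountControl:{LDAP_MATCHING_RULE_BIT_AND}:={UAC_ACCOUNTDISABLE})))"
    )

if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for sample in ("PC01.corp.example", "host/LAPTOP-7.corp.example"):
        print(enabled_computer_filter(sample))
```

A search with this filter that returns no entry means the hostname in the certificate is unknown to AD or the account is disabled, which is the condition the enforcement policy would deny on.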