Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

LDAP Authenticating Aruba 505 Virtual Controller with Azure AD

  • 1.  LDAP Authenticating Aruba 505 Virtual Controller with Azure AD

    Posted Mar 20, 2023 11:04 AM

    Dear All,

    Can we authenticate users in an environment which has an Aruba 505 Virtual Controller with Azure AD using LDAP?

    If we can, could anyone please share a link to a guide for that implementation?

    Is there any other, more effective method to authenticate users in an environment with an Aruba 505 VC with Azure AD?

    Thank you



  • 2.  RE: LDAP Authenticating Aruba 505 Virtual Controller with Azure AD

    EMPLOYEE
    Posted Mar 21, 2023 08:50 AM

    You cannot really authenticate users through LDAP. Strong authentication of wireless users typically happens with client certificates (EAP-TLS) and you would need an authentication server (like ClearPass) to authenticate those client certificates.

    Azure AD, by default, does not offer LDAP either. You would need Azure AD Directory Services.

    Unfortunately, it's not trivial to make 802.1X Authentication work with Azure AD, without additional components like Intune, ClearPass.

    If you have your APs managed by Central, you can use the Cloud Authentication & Policy to link to Azure AD directly.

    It may be best to work with your local Aruba Partner or Aruba SE to get a solution that matches your size, scale and requirements.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: LDAP Authenticating Aruba 505 Virtual Controller with Azure AD

    Posted Mar 21, 2023 09:15 AM

    Thanks in advance for your reply, Herman. I got your point and would really appreciate it if you could give me your ideas on the concerns below.

    01. Currently the APs are managed by a virtual controller. If the customers need the most effective way to do guest user authentication, is Central or ClearPass the best solution?

    02. Can we host ClearPass on Azure, and do you have any guidelines for connecting ClearPass with Azure AD?

    03. Can we onboard devices and authenticate users through 802.1X seamlessly when ClearPass is hosted on Azure?

    Thank you 




  • 4.  RE: LDAP Authenticating Aruba 505 Virtual Controller with Azure AD

    EMPLOYEE
    Posted Mar 28, 2023 03:15 AM

    The benefit of Cloud Guest (in Central) is that you don't need additional servers; the feature comes with Central and is easy to set up. With ClearPass you have full control over the look & feel, and advanced guest workflows. So it depends a bit on your requirements, but Central Cloud Guest is probably fine for 90%+ of all cases.

    Yes, you can deploy ClearPass in Azure and connect it to Azure AD (both are links to the documentation). As mentioned before, for Azure AD you should move to EAP-TLS, because legacy authentication methods like EAP-PEAP are not available with Azure AD. For EAP-TLS you would need client certificates, which for managed clients are in most cases enrolled through Intune or another MDM; for unmanaged clients (BYOD/Contractors) you could use ClearPass Onboard or Central Cloud Authentication, depending on whether you go the ClearPass or Central route.

    There is no difference if ClearPass is hosted in Azure or on premise. For 802.1X you would need RADIUS between your network devices (switches/APs/controllers) and ClearPass. For ClearPass Onboard and ClearPass Guest, your clients would need HTTPS access to your ClearPass server. That can be achieved both on-premise and with ClearPass in Azure.

    Please work with your Aruba partner to create the optimal design as it is hard in this forum to cover all options and requirements you have.



    ------------------------------
    Herman Robers
    ------------------------------