Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Need some direction on CPPM - Domain Joined PC and Auth User

  • 1.  Need some direction on CPPM - Domain Joined PC and Auth User

    Posted Jul 27, 2022 08:27 AM
    I am trying to build ClearPass roles which distinguish when a user has logged onto a domain-joined PC or their own device.

    Something along the lines of:

    AD Account + Domain Join PC = Role_Trust 
    AD Account + non-domain joined PC = Role_untrust

    Is this possible, and how would I go about it?
    The domain-joined PC will be on the network and so will have

    Domain Join PC = Role_DomainPC

    I assume that the machine will auth based on the OU with the computers in, but when the user logs on, this doesn't include the information about the PC domain status.

    Thanks


  • 2.  RE: Need some direction on CPPM - Domain Joined PC and Auth User

    Posted Jul 27, 2022 09:02 AM
    TIPS:Role:Matches_All: [Machine Authenticated] [User Authenticated] = Role_Trust
    TIPS:Role:Equals: [User Authenticated] = Role_untrust
    TIPS:Role:Equals: [Machine Authenticated] = Role_DomainPC

    Configure your Windows supplicant for Machine or User Authentication. Or better yet, use TEAP.