PDF

Preview

Summary

Un datasheet, también conocido como una hoja de datos o ficha técnica, es un documento que se suele utilizar para la comunicación tecnológica que describe las especificaciones, explica el rendimiento y las características técnicas de un producto, material, componente, máquina, etc.

Usua...

Description

Open topic with navigation

This section contains the following information: Introduction Synchronizing the Cluster Date and Time with the NTP Server Joining an Active Directory Domain About the Authentication Source and the Authorization Process Manually Configuring Active Directory Password Servers Disassociating a ClearPass Server From an Active Directory Domain

Introduction The first task in preparing ClearPass for Active Directory® (AD) authentication via EAP-PEAP-CHAP-v2 ClearPass server to an Active Directory domain. Joining ClearPass Policy Manager to an Active Directo you to authenticate users and computers that are members of an Active Directory domain. Joining ClearPass Policy Manager to an Active Directory domain creates a computer account for the Cl Active Directory database. Users can then authenticate to the network using 802.1X and EAP methods MSCHAPv2, with their own Active Directory credentials. When joining an Active Directory domain and doing PEAPv0+MSCHAPv2 authentication, ClearPass ne the highest Server Message Block (SMB) protocol version that is supported by the ClearPass server. C SMBv1, v2, and v3. A one-time procedure to join ClearPass Policy Manager to the domain must be performed from an acco ability to join a computer to the domain; if you are unsure whether the administrator account has the abi with your Windows administrator. Why does ClearPass need to join Active Directory to perform EAP-PEAP-MS-CHAPv2 authentication fo ClearPass Policy Manager needs to be joined to Active Directory because when performing authenticat EAP-PEAP-MS-CHAPv2, only the password hashes supplied by the user are used to authenticate agai This is done using NT LAN Manager (NTLM) authentication, which requires Active Directory domain me If you need to authenticate users that belong to multiple Active Directory forests or domains in your netw trust relationship between these entities, then you must join ClearPass to each of these untrusting fores You do not need to join ClearPassPolicy Manager to multiple domains belonging to the same Active because a one-way trust relationship exists between these domains. In this case, you should join C domain.

About the Domain Controller A domain is defined as a logical group of network objects (computers, users, and devices) that share th Directory database.

4. In the Password Servers text box, enter the names of the domain controllers that will be used for au entry per line). 5. When finished, click Save.

Disassociating a ClearPass Server From an Active Directory Domain When leaving an Active Directory domain, ClearPass uses the supplied credentials to remove the “Com Active Directory before removing its own relationship with that AD domain that exists on ClearPass itse

To disassociate a ClearPass server from an Active Directory domain: 1. Navigate to Administration > Server Manager > Server Configuration. 2. Select the name of the ClearPass server that you want to disassociate from the domain. 3. Click Leave AD Domain. The Leave AD Domain dialog opens. Figure 11 Leave AD Domain Dialog

4. Specify the Leave AD Domain parameters as described in the following table. Table 4: Leave AD Domain Parameters Parameter

Action/Description

Leave domain even if AD is Down

When you enable Leave domain even if AD is Down, ClearPass tries to Account from Active Directory but instead of stopping the leave process i...