ClearPass – Authenticate Management via AD

In this guide I’m going to try and use the default roles wherever possible, as authenticating the HTTPS management of ClearPass against Active Directory is a fairly straightforward process. As a note, I’ve covered configuring Active Directory as an Authentication Source in a previous guide, so I won’t include it here.

First we create a new Role Mapping with the following settings:

  • Policy Name – ClearPass Management Role Mapping
  • Default Role – [Other]
  • Conditions
    • (Authorization:<ad source>:Groups EQUALS <OU Group>)
  • Role Name: [TACACS+ Super Admin]

We now create a new service to tell ClearPass where to apply everything

  • Name – CPPM Management Auth via AD
  • Type – TACACS+ Enforcement
  • Connection NAD-IP-Address EQUALS 127.0.0.1
  • Authentication Sources: <AD Source>
  • Role Mapping Policy: ClearPass Management Role Mapping

You can now test logging in with a different web browser and follow the auth process in access tracker.

Leave a Reply

Your email address will not be published. Required fields are marked *