ClearPass Admin Access via Active Directory
- see also Workshop: https://www.youtube.com/watch?v=L2U_IjWFmUI

- Configuration -> Services
>> make a copy of Default Service Rule [Policy Manager Admin Network Login Service]
[ square brackets mean default rule ]
call the new service “yoursuffix_Policy Manager Admin Network Login Service”
- Reorder new service > move to first position
- Service configuration:
- Authentication Tab: Authentication Sources
remove [Local User Repository]
remove [Admin User Repository]
add your Active Directory “Authentication Source”
- Roles >> no Role Mapping
- Enforcement
>> make a copy of Default Enforcement Policy [Admin Network Login Policy]
[ square brackets mean default rule ]
call the Enforcement Policy “yoursuffix_Admin Network Login Policy”
>> Add a Rule:
Authorization:your-Active-Directory-authentication source
memberOf EQUALS “your-add-group”
>> Profile Names: choose [TACACS+ Super Admin]

- Test the login in a private browser window + check under Monitoring > Access Tracker

- User “admin” will always work!

computer2know © 2024