Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

501

502

503

504

505

506

507

508

509

510

504 | Administration Dell Networking W-ClearPass Policy Manager 6.6 | User Guide

Field Characters Allowed Not Allowed

Username ~ ! @ # $ % ^ * _ - + = { } , . \ ' " ? /

` & ( )

Password ! @ # $ % ^ & * ( ) _ - + = { } < , > . ? /

~ ` [ ] \ | ; : ' "

Table 275: Characters Allowed and Not Allowed for Active Directory

Username and Password

The Join ADDomain status screen opens. The screen displays the message “Adding host to AD domain,”

and the screen displays status during the joining process.

When the joining process completes successfully, you see the message “Added host to the domain.”

4. Click Close.

You return to the Server Configuration page, and it now shows that the W-ClearPass server is joined to

the domain.

Now that the W-ClearPass Policy Manager server has joined the domain, the server can authenticate users

with Active Directory.

After an Active Directory Domain is added, the domain controller can be setup as a password server. For

more information on adding a password server, see Adding a Password Server on page 506.

Join AD Domain

You can join W-ClearPass Policy Manager to an Active Directory (AD) domain to authenticate users and

computers that are members of an Active Directory domain. If you join W-ClearPass to an Active Directory

domain, it creates an account for the W-ClearPass node in the Active Directory database.

Users can then authenticate into the network using 802.1X and EAP methods, such as PEAP-MSCHAPv2, with

their own their own Active Directory credentials.

If you need to authenticate users belonging to multiple Active Directory forests or domains in your network,

and there is no trust relationship between these entities, then you must join W-ClearPass to each of these

untrusted forests or domains.

W-ClearPass does not require to join multiple domains belonging to the same ActiveDirectory forest because a one-

way trust relationship exists between those domains. In this case, W-ClearPass can join the root domain.

W-ClearPass can join or leave an Active Directory domain by using the following two buttons in the Server

Configuration page > System tab:

l Join Domain: Click Join Domain to join this W-ClearPass appliance to an Active Directory domain.

Password servers can be configured after Policy Manager is successfully joined. For more information on

adding a password server, see Adding a Password Server on page 506.

l Leave Domain: If the server is already part of multiple Active Directory domains, click Leave Domain to

disassociate this W-ClearPass appliance from an Active Directory domain.

For most use cases, if you have multiple nodes in the cluster, you must join each node to the same Active Directory

domain.