Reference Guide

6 ClearPass 6.0 Common issues encountered during deployment|Technical Note

3. Joining ClearPass 6.0 to an AD domain

Here are some tips when integrating ClearPass with Active Directory.

 Joining ClearPass 6.0 to an AD domain is only necessary when performing EAP-PEAP

authentication.

 Ensure that all server clocks, (Including AD and ClearPass) are set correctly with preferred

NTP synchronization.

 Ensure that the ClearPass DNS configuration is configured to send requests to the Active

Directory server.

 Use the Fully Qualified Domain Name (FQDN) of a Domain Controller (using only the domain

name or IP address are likely to fail).

 When entering the domain name during the join process, use the format: username@domain

(DOMAIN\username will fail).

 The ClearPass join account requires privileges to add computers to the domain. Full domain

administration rights will also work.

 The Active Directory account used to join the domain is not stored by ClearPass and may be

disabled or even deleted once the join operation is completed.