Users Guide
Authentication Tab
The Authentication tab contains options for configuring authentication methods and sources. The default
Authentication method used for this type of service is [MAC AUTH], which is a special type of method called MAC-
AUTH. When this authentication method is selected, Policy Manager does stricter checking of the MAC Address of
the client. This type of service can use either a built-in static host list (see "Adding and Modifying Static Host Lists"
on page 187), or any other authentication source for the purpose of white-listing or black-listing the client. You can
also specify the role mapping policy, based on categorization of the MAC addresses in the authorization sources.
l Authentication Methods: The authentication methods used for this service depend on the 802.1X supplicants and
the type of authentication methods you choose to deploy. Policy Manager automatically selects the appropriate
method for authentication when a user attempts to connect. For this service, MAC AUTH is automatically selected.
Non-tunneled EAP methods such as EAP-MD5 can also be used as authentication methods.
l Authentication Sources: The Authentication Sources used for this type of service can be one or more instances of
the following: Active Directory, LDAP Directory, SQL DB, Token Server or the Policy Manager local DB.
For both Authentication Methods and Authentication Sources, you can select one item in the list and use the buttons
on the right to:
l Move it up or down.
The order of authentication matters. When a client tries to do 802.1X authentication, Policy Manager proposes the
first authentication method configured. The client can accept the authentication method proposed by Policy
Manager and continue authentication or send a NAK and propose a different authentication method. If this
authentication method is also configured, then authentication will proceed. Otherwise authentication will fail.
If most of the clients in the network use a particular authentication method, that authentication method should be
configured first in the list. This would reduce the number of RADIUS packets exchanged.
l Remove it.
l View its details.
l Modify it. (See "Adding and Modifying Authentication Methods" on page 131 and "Adding and Modifying
Authentication Sources" on page 149.)
You can also use the links on the right to add a new authentication method or source.
Select Strip Username Rules to pre-process the user name (to remove prefixes and suffixes) before authenticating and
authorizing against the authentication source.
Authorization Tab
The Authorization tab is not visible by default. To access it, select the Authorization check box on the Services tab.
The Authorization tab is where you select authorization sources for this service. Policy Manager fetches role mapping
attributes from the authorization sources associated with the service, regardless of which authentication source was
used to authenticate the user. For a given service, role mapping attributes are fetched from the following authorization
sources:
l The authorization sources associated with the authentication source.
l The authorization sources associated with the service. For more information on configuring authorization sources,
refer to "Adding and Modifying Authentication Methods" on page 131.
To add an authorization source, select it from the drop-down list.
For authorization sources in the list, you can select one and use the buttons on the right to:
l Remove it.
l View its details.
Dell Networking W-ClearPass Policy Manager 6.3 | User Guide Services | 107