Administrator Guide

4. Enter the information for each of the required parameters as described in Table 16.
Table 16: Primary Parameters for an Active Directory Authentication Source
Parameter Action/Description
Hostname
1. Enter the name or IP address of the Active Directory server you’re going to use for
authentication.
The host name entered here must be an LDAP server (note that most domain
controllers are also LDAP servers). W-ClearPass uses LDAP to talk to the domain
controller.
Connection Security
2. Set Connection Security to: AD over SSL.
This enables the Secure Sockets Layer (SSL) cryptographic protocol for the connection
to your Active Directory. Selecting AD over SSL automatically sets the Port field to
636.
NOTE: In a production environment, security is a concern: when W-ClearPass binds to
an LDAP server, it submits the username and password for that account over the
network in clear text unless you protect the connection using Connection Security
and set the port to 636.
NOTE: To ensure successful authentication, be sure to add the CA certificate of the
Active Directory/LDAP server to the Certificate Trust List. For more information, refer
to Importing the Root CA Files to the Certificate Trust List.
Port
3. Specify the TCP port at which the Active Directory server is listening for
connections.
For a single domain Active Directory Domain Service:
- Default port for LDAP: 389
- Default port for LDAP over SSL: 636
When you set the Connection Security field to AD over SSL, this port is automatically
set to 636.
For a multi-domain Active Directory Domain Service (AD DS) forest, the default ports
for the global catalog are:
- Default port without SSL: 3268
- Default port with SSL: 3269
Verify Server Certificate
4. Enable this option to verify the Server Certificate for a secure connection.
Bind DN
5. Enter the Distinguished Name of the node in your directory tree from which to
start searching for records.
The Bind DN text box specifies the full distinguished name (DN), including common
name (CN), of an Active Directory user account that has privileges to search for
users (usually the Administrator account). For example:
CN=Administrator,CN=Users,DC=mycompany,DC=com
NOTE: You may need to get the Bind DN from the Active Directory administrator.
This user account must have at least domain user privileges.
The Bind DN user, such as Administrator, is the username associated with the Bind
DN user account.
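The parameters in Table 16 can be reviewed together before they are saved. The following is an added example, not part of the original guide or of W-ClearPass: a small Python check that flags a cleartext bind, a port that does not match the Connection Security setting, disabled certificate verification, and a malformed or over-privileged Bind DN. The dictionary key names, the "None" setting value, and the svc-ldap-bind account are assumptions made for illustration.

```python
import re

# Default AD ports from Table 16: port -> True when the port expects SSL.
AD_PORTS = {389: False, 636: True, 3268: False, 3269: True}

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs; a backslash-escaped comma stays in the value."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr and value):
            raise ValueError(f"malformed RDN {part!r}")
        pairs.append((attr.upper(), value))
    return pairs

def review_auth_source(cfg):
    """Return findings for one parameter set (key names are hypothetical)."""
    findings = []
    # Assumption: only the page's "AD over SSL" value counts as protected.
    ssl_on = cfg["connection_security"] == "AD over SSL"
    port = cfg["port"]
    if not ssl_on:
        findings.append("cleartext-bind: bind username and password are sent unencrypted")
    if port not in AD_PORTS:
        findings.append(f"nonstandard-port: {port} is not a default AD port")
    elif AD_PORTS[port] != ssl_on:
        findings.append(f"port-mismatch: port {port} does not fit the Connection Security setting")
    if ssl_on and not cfg["verify_server_certificate"]:
        findings.append("no-cert-verify: Verify Server Certificate is disabled")
    try:
        rdns = split_dn(cfg["bind_dn"])
    except ValueError as exc:
        return findings + [f"bad-bind-dn: {exc}"]
    if rdns[0][0] != "CN" or rdns[-1][0] != "DC":
        findings.append("bad-bind-dn: expected a full DN from CN down to DC components")
    elif rdns[0][1].lower() == "administrator":
        findings.append("over-privileged: the bind account needs only domain user privileges")
    return findings

# Constructed sample parameter sets, not taken from a real deployment.
HARDENED = {"connection_security": "AD over SSL", "port": 636,
            "verify_server_certificate": True,
            "bind_dn": "CN=svc-ldap-bind,CN=Users,DC=mycompany,DC=com"}
WEAK = {"connection_security": "None", "port": 389,
        "verify_server_certificate": False,
        "bind_dn": "CN=Administrator,CN=Users,DC=mycompany,DC=com"}

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, review_auth_source(cfg) or "no findings")
```

An empty result means the parameter set uses SSL on a matching port, verifies the server certificate, and binds with a well-formed DN that is not the Administrator account.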
Dell Networking W-ClearPass Deployment Guide Preparing for Active Directory Authentication | 105