W-ClearPass Guest 6.0 Deployment Guide
Page 5
...Setting Up a Root Certificate Authority 82 Setting Up an Intermediate Certificate Authority 84 Obtaining a Certificate for the Certificate Authority 86 Using Microsoft Active Directory Certificate Services 86 Installing a Certificate Authority's Certificate 88 Renewing the Certificate Authority's Certificate 90 Configuring Data Retention Policy for Certificates 90 Uploading ... Revocation Checks and Authorization 109 Configuring Provisioning Settings for iOS and OS X 110 Configuring Instructions for iOS and OS X 111 Dell Networking W-ClearPass Guest 6.0 | Deployment Guide |5
...Setting Up a Root Certificate Authority 82 Setting Up an Intermediate Certificate Authority 84 Obtaining a Certificate for the Certificate Authority 86 Using Microsoft Active Directory Certificate Services 86 Installing a Certificate Authority's Certificate 88 Renewing the Certificate Authority's Certificate 90 Configuring Data Retention Policy for Certificates 90 Uploading ... Revocation Checks and Authorization 109 Configuring Provisioning Settings for iOS and OS X 110 Configuring Instructions for iOS and OS X 111 Dell Networking W-ClearPass Guest 6.0 | Deployment Guide |5
W-ClearPass Guest 6.0 Deployment Guide
Page 15
The visitor can be given a printed customized receipt with an LDAP server or Active Directory login. Through a customizable Web portal, your visitors to pre-generate custom scratch cards, each with a defined network access time, ...to define settings that allow your staff can be handed out in a corporate environment or sold in public access scenarios. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Dell Networking W-ClearPass Guest Overview | 15 Companies are also able to self-provision their own guest accounts. Visitors register through an operator profile...
The visitor can be given a printed customized receipt with an LDAP server or Active Directory login. Through a customizable Web portal, your visitors to pre-generate custom scratch cards, each with a defined network access time, ...to define settings that allow your staff can be handed out in a corporate environment or sold in public access scenarios. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Dell Networking W-ClearPass Guest Overview | 15 Companies are also able to self-provision their own guest accounts. Visitors register through an operator profile...
W-ClearPass Guest 6.0 Deployment Guide
Page 76
... 16 shows a sequence diagram that explains the steps involved in Figure 17. 76 | Devices Supporting Onboard Provisioning Dell Networking W-ClearPass Guest 6.0 | Deployment Guide A Transport Layer Security (TLS) client certificate is performed (the authentication server verifies ... W-ClearPass Onboard supports secure device provisioning for iOS Platform 1. A Simple Certificate Enrollment Protocol (SCEP) certificate is to the device during the provisioning process. These are typically the user's enterprise credentials from Active Directory. After provisioning has completed...
... 16 shows a sequence diagram that explains the steps involved in Figure 17. 76 | Devices Supporting Onboard Provisioning Dell Networking W-ClearPass Guest 6.0 | Deployment Guide A Transport Layer Security (TLS) client certificate is performed (the authentication server verifies ... W-ClearPass Onboard supports secure device provisioning for iOS Platform 1. A Simple Certificate Enrollment Protocol (SCEP) certificate is to the device during the provisioning process. These are typically the user's enterprise credentials from Active Directory. After provisioning has completed...
W-ClearPass Guest 6.0 Deployment Guide
Page 86
... certificate authority. Click the Request a Certificate link on page 88. The Request a Certificate page opens. Click the link to the Microsoft Active Directory Certificate Services Web page. The Welcome page opens. You can paste the request directly into another application to renew the certificate authority's intermediate certificate ... signing request. Obtaining a Certificate for the Certificate Authority The Intermediate Certificate Request page displays the certificate signing request for the Certificate Authority Dell Networking W-ClearPass Guest 6.0 | Deployment Guide
... certificate authority. Click the Request a Certificate link on page 88. The Request a Certificate page opens. Click the link to the Microsoft Active Directory Certificate Services Web page. The Welcome page opens. You can paste the request directly into another application to renew the certificate authority's intermediate certificate ... signing request. Obtaining a Certificate for the Certificate Authority The Intermediate Certificate Request page displays the certificate signing request for the Certificate Authority Dell Networking W-ClearPass Guest 6.0 | Deployment Guide
W-ClearPass Guest 6.0 Deployment Guide
Page 87
... the Submit button to submit a request using a base-64-encoded CMC or PKCS #10 file. Figure 20: The Certificate Pending Page Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Using Microsoft Active Directory Certificate Services | 87 Either the Certificate Pending or the Certificate Issued page is for a certificate authority, select the "Subordinate Certificate Authority" in...
... the Submit button to submit a request using a base-64-encoded CMC or PKCS #10 file. Figure 20: The Certificate Pending Page Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Using Microsoft Active Directory Certificate Services | 87 Either the Certificate Pending or the Certificate Issued page is for a certificate authority, select the "Subordinate Certificate Authority" in...
W-ClearPass Guest 6.0 Deployment Guide
Page 135
Go to it into it in ClearPass Guest: 1. The Add Content form 2. You can reference the file when creating custom HTML templates. Upload New Content tab. Directory structure is displayed. To overwrite a previous file of the editor. To use a content item, you can insert a ...Content form is preserved when extracting. 3. (Optional) You may enter a description of the content assets in the public directory on the Web server. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Uploading Content | 135 To do this, select the content item you wish to insert from ...
Go to it into it in ClearPass Guest: 1. The Add Content form 2. You can reference the file when creating custom HTML templates. Upload New Content tab. Directory structure is displayed. To overwrite a previous file of the editor. To use a content item, you can insert a ...Content form is preserved when extracting. 3. (Optional) You may enter a description of the content assets in the public directory on the Web server. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Uploading Content | 135 To do this, select the content item you wish to insert from ...
W-ClearPass Guest 6.0 Deployment Guide
Page 136
...completed the form, click the Fetch Content button to have the file downloaded. The item is displayed below its row in the public directory on the Web server. You can use the View Content link. 7. The Quick View link can be asked to confirm the deletion.... 4. The file is not available for all content types. 136 | Additional Content Actions Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Additional Content Actions To work with your Web browser, click the Download link. 6. Editable properties include the content item...
...completed the form, click the Fetch Content button to have the file downloaded. The item is displayed below its row in the public directory on the Web server. You can use the View Content link. 7. The Quick View link can be asked to confirm the deletion.... 4. The file is not available for all content types. 136 | Additional Content Actions Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Additional Content Actions To work with your Web browser, click the Download link. 6. Editable properties include the content item...
W-ClearPass Guest 6.0 Deployment Guide
Page 241
... | 241 Operators may perform, as well as global settings such as the look and feel of operator profiles. These profiles might be defined locally in ClearPass Guest, or externally in an LDAP directory server. About Operator Logins Dell Networking W-ClearPass Guest supports role-based access control through the use of the user interface.
... | 241 Operators may perform, as well as global settings such as the look and feel of operator profiles. These profiles might be defined locally in ClearPass Guest, or externally in an LDAP directory server. About Operator Logins Dell Networking W-ClearPass Guest supports role-based access control through the use of the user interface.
W-ClearPass Guest 6.0 Deployment Guide
Page 242
... diagram. Creating an Operator Profile Click the Create Operator Profile link to Administrator > Operator Logins > Profiles. What your company's directory server. Both types of operator logins are supported: local operators and operators who are described in your profile permits is displayed. ...About Operator Logins" on page 241 for details on configuring different forms and views for Multiple Operator Profiles Dell Networking W-ClearPass Guest 6.0 | Deployment Guide The Operator Profile Editor form is determined by the network administrator. These customized settings will take when...
... diagram. Creating an Operator Profile Click the Create Operator Profile link to Administrator > Operator Logins > Profiles. What your company's directory server. Both types of operator logins are supported: local operators and operators who are described in your profile permits is displayed. ...About Operator Logins" on page 241 for details on configuring different forms and views for Multiple Operator Profiles Dell Networking W-ClearPass Guest 6.0 | Deployment Guide The Operator Profile Editor form is determined by the network administrator. These customized settings will take when...
W-ClearPass Guest 6.0 Deployment Guide
Page 248
... features, such as appropriate. Only authentication is installed. 2. Create an operator profile in ClearPass Guest when the AirGroup Services plugin is supported. 248 | Creating a New Operator Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Create a local user for that matches the operator profile. ...the CPPM role name to set up operator logins integrated with a Microsoft Active Directory domain or another LDAP server. You cannot create or edit operator logins using LDAP directory server operations. See "Operator Profiles " on page 254. 7. Click Save...
... features, such as appropriate. Only authentication is installed. 2. Create an operator profile in ClearPass Guest when the AirGroup Services plugin is supported. 248 | Creating a New Operator Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Create a local user for that matches the operator profile. ...the CPPM role name to set up operator logins integrated with a Microsoft Active Directory domain or another LDAP server. You cannot create or edit operator logins using LDAP directory server operations. See "Operator Profiles " on page 254. 7. Click Save...
W-ClearPass Guest 6.0 Deployment Guide
Page 249
These LDAP attributes are built-in defaults for Microsoft Active Directory servers, POSIX-compliant directory servers, and RADIUS servers. In particular, an operator profile will use a Server URL of the form ldap://hostname/ or ldap://hostname... with this server to authenticate operator logins. Once a server is found that is enabled for more details about the types of the following options: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Manage LDAP Operator Authentication Servers | 249 To specify a basic LDAP server connection (hostname and optional port number), use ...
These LDAP attributes are built-in defaults for Microsoft Active Directory servers, POSIX-compliant directory servers, and RADIUS servers. In particular, an operator profile will use a Server URL of the form ldap://hostname/ or ldap://hostname... with this server to authenticate operator logins. Once a server is found that is enabled for more details about the types of the following options: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Manage LDAP Operator Authentication Servers | 249 To specify a basic LDAP server connection (hostname and optional port number), use ...
W-ClearPass Guest 6.0 Deployment Guide
Page 250
... completed the form, you can check your LDAP server does not use anonymous bind, you must supply the required credentials to bind to the directory. (Leave this field blank to use an anonymous bind.) l Default Profile: The default operator profile to assign to operators authorized by this ...plugin is selected, this field blank to use an anonymous bind. Table 21: Server Type Parameters Server Type Required Configuration Parameters Microsoft Active Directory l Server URL: The URL of the LDAP server l Bind DN: The password to use for the LDAP search. If the 250 | Creating...
... completed the form, you can check your LDAP server does not use anonymous bind, you must supply the required credentials to bind to the directory. (Leave this field blank to use an anonymous bind.) l Default Profile: The default operator profile to assign to operators authorized by this ...plugin is selected, this field blank to use an anonymous bind. Table 21: Server Type Parameters Server Type Required Configuration Parameters Microsoft Active Directory l Server URL: The URL of the LDAP server l Bind DN: The password to use for the LDAP search. If the 250 | Creating...
W-ClearPass Guest 6.0 Deployment Guide
Page 251
... Delete-Removes the server from the bind username. To specify the use of LDAP v3, use this LDAP Server. When Microsoft Active Directory is selected as enabled, subsequent operator login attempts will be displayed. l attributes is automatically used. l Enable-Reenables a disabled LDAP ... use the prefix ldaps://. l Duplicate-Creates a copy of name=value pairs. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Advanced LDAP URL Syntax | 251 To specify a different organizational unit within the directory, include a distinguished name in the LDAP server URL, using LDAP v3 over ...
... Delete-Removes the server from the bind username. To specify the use of LDAP v3, use this LDAP Server. When Microsoft Active Directory is selected as enabled, subsequent operator login attempts will be displayed. l attributes is automatically used. l Enable-Reenables a disabled LDAP ... use the prefix ldaps://. l Duplicate-Creates a copy of name=value pairs. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Advanced LDAP URL Syntax | 251 To specify a different organizational unit within the directory, include a distinguished name in the LDAP server URL, using LDAP v3 over ...
W-ClearPass Guest 6.0 Deployment Guide
Page 253
...'s progress. In the Search Mode field, use the drop-down list to specify whether to search for the specified sponsor. 5. Click Search Directory to attempt to find sponsor names that match the lookup values, or click Cancel to diagnose error messages such as: "LDAP Bind failed: ...Test area is added to the LDAP servers list. 2. In the Lookup field, enter a lookup value. Looking Up Sponsor Names This option is disabled Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Looking Up Sponsor Names | 253 To look up a sponsor, select a server name in the following table can be ...
...'s progress. In the Search Mode field, use the drop-down list to specify whether to search for the specified sponsor. 5. Click Search Directory to attempt to find sponsor names that match the lookup values, or click Cancel to diagnose error messages such as: "LDAP Bind failed: ...Test area is added to the LDAP servers list. 2. In the Lookup field, enter a lookup value. Looking Up Sponsor Names This option is disabled Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Looking Up Sponsor Names | 253 To look up a sponsor, select a server name in the following table can be ...
W-ClearPass Guest 6.0 Deployment Guide
Page 254
...an administrator, hence the name MatchAdmin. 254 | LDAP Translation Rules Dell Networking W-ClearPass Guest 6.0 | Deployment Guide l Verify that you should define multiple LDAP Servers and use ldaps:// or ldap3s:// as part of your directory, and is fixed and must reset password User account is locked ... items to specify LDAP version 3. In the Name field, enter a self-explanatory name for user searches is only required if the directory does not permit anonymous bind. the correct DN will depend on LDAP attributes for version 2 and ldap3:// to consider when troubleshooting LDAP...
...an administrator, hence the name MatchAdmin. 254 | LDAP Translation Rules Dell Networking W-ClearPass Guest 6.0 | Deployment Guide l Verify that you should define multiple LDAP Servers and use ldaps:// or ldap3s:// as part of your directory, and is fixed and must reset password User account is locked ... items to specify LDAP version 3. In the Name field, enter a self-explanatory name for user searches is only required if the directory does not permit anonymous bind. the correct DN will depend on LDAP attributes for version 2 and ldap3:// to consider when troubleshooting LDAP...
W-ClearPass Guest 6.0 Deployment Guide
Page 255
...changes. n Assign custom value to : n Do nothing - n Apply custom processing - When you create multiple rules, you enable it . Dell Networking W-ClearPass Guest 6.0 | Deployment Guide LDAP Translation Rules | 255 This option can build a complete logical structure to match the regular expression "admin" case-... you have created it . 4. evaluates a template that may perform custom processing on the LDAP attributes available in the directory. In the example shown above, if the Administrator group is matched, the Administrator profile is greater than - 3. case...
...changes. n Assign custom value to : n Do nothing - n Apply custom processing - When you create multiple rules, you enable it . Dell Networking W-ClearPass Guest 6.0 | Deployment Guide LDAP Translation Rules | 255 This option can build a complete logical structure to match the regular expression "admin" case-... you have created it . 4. evaluates a template that may perform custom processing on the LDAP attributes available in the directory. In the example shown above, if the Administrator group is matched, the Administrator profile is greater than - 3. case...
W-ClearPass Guest 6.0 Deployment Guide
Page 308
... EAP. field Single item of keys and certificates (PKCS#12). 308 | Glossary Dell Networking W-ClearPass Guest 6.0 | Deployment Guide guest See Visitor. See trust chain. LDAP Lightweight Directory Access Protocol; OCSP Online certificate status protocol (RFC 2560). onboarding See device provisioning.... users and other objects in a digital certificate that supports multiple authentication methods. operator/operator login Person who uses Dell Networking W-ClearPass Guest to securely provision a device and configure it with network settings. for mobile devices, including the iPhone, ...
... EAP. field Single item of keys and certificates (PKCS#12). 308 | Glossary Dell Networking W-ClearPass Guest 6.0 | Deployment Guide guest See Visitor. See trust chain. LDAP Lightweight Directory Access Protocol; OCSP Online certificate status protocol (RFC 2560). onboarding See device provisioning.... users and other objects in a digital certificate that supports multiple authentication methods. operator/operator login Person who uses Dell Networking W-ClearPass Guest to securely provision a device and configure it with network settings. for mobile devices, including the iPhone, ...
W-ClearPass Guest 6.0 Deployment Guide
Page 311
...control, print templates 197 account filters, creating 244 accounting 18, 20 accounts passwords, multiple 177 visitor account 21 Active Directory LDAP authentication 249 active sessions 59-60 administration 219, 236 plugin management 224 Administration module 219 AirGroup authenticating users via ...notifications 220 personal devices 55 registering devices 53 shared locations 53 shared roles 54 tag=value pair 53 alerts, SMS 63 Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Index application log 237 filtering 238 searching 237 viewing 237 applications, installing 78 authentication 18, ...
...control, print templates 197 account filters, creating 244 accounting 18, 20 accounts passwords, multiple 177 visitor account 21 Active Directory LDAP authentication 249 active sessions 59-60 administration 219, 236 plugin management 224 Administration module 219 AirGroup authenticating users via ...notifications 220 personal devices 55 registering devices 53 shared locations 53 shared roles 54 tag=value pair 53 alerts, SMS 63 Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Index application log 237 filtering 238 searching 237 viewing 237 applications, installing 78 authentication 18, ...
W-ClearPass Policy Manager 6.0 Quick Start Guide
Page 14
...1X wireless requests. Table 2: Configure Authentication Navigation and Settings Navigation Settings Select an Authentication Method and an Active Directory server (that you select a Service that are one of this Use Case, accept the preconfigured Service Categorization ...Guest User Repository] [Local SQL DB] 14 Dell Networking W-ClearPass Policy Manager 6.0 | Quick Start Guide In this Type. 2. n Service Categorization Rule: For purposes of the pre-configured Policy Manager Authentication Methods, and Active Directory Authentication Source (AD), an external Authentication Source within...
...1X wireless requests. Table 2: Configure Authentication Navigation and Settings Navigation Settings Select an Authentication Method and an Active Directory server (that you select a Service that are one of this Use Case, accept the preconfigured Service Categorization ...Guest User Repository] [Local SQL DB] 14 Dell Networking W-ClearPass Policy Manager 6.0 | Quick Start Guide In this Type. 2. n Service Categorization Rule: For purposes of the pre-configured Policy Manager Authentication Methods, and Active Directory Authentication Source (AD), an external Authentication Source within...
W-ClearPass Policy Manager 6.0 Quick Start Guide
Page 15
... Repository] [Local SQL DB] [Onboard Devices Repository] [Local SQL DB] > [Admin User Repository] [Local SQL DB] > AmigoPod AD [Active Directory> l Add > l Upon completion, Next (to configure Authorization) The following field deserves special mention: n Strip Username Rules: Optionally, check here to... pre-process the user name (to remove prefixes and suffixes) before sending it maps: Dell Networking W-ClearPass Policy Manager 6.0 | Quick Start Guide 15 Configure Authorization. Policy Manager fetches attributes for use by the Enforcement Policy. Click the...
... Repository] [Local SQL DB] [Onboard Devices Repository] [Local SQL DB] > [Admin User Repository] [Local SQL DB] > AmigoPod AD [Active Directory> l Add > l Upon completion, Next (to configure Authorization) The following field deserves special mention: n Strip Username Rules: Optionally, check here to... pre-process the user name (to remove prefixes and suffixes) before sending it maps: Dell Networking W-ClearPass Policy Manager 6.0 | Quick Start Guide 15 Configure Authorization. Policy Manager fetches attributes for use by the Enforcement Policy. Click the...