Security

I am playing around with an IPA server as LDAP and Domain server and for the live of .. can't get it to authenticate any users. 

LDAP search in the format below works fine.

ldapsearch -x -D "uid=user1,cn=users,cn=accounts,dc=mydomain,dc=auth" -W -H ldap://centos-9-server.mydomain.auth -b "cn=accounts,dc=mydomain,dc=auth"

I can also add it as an ldap server or active directory and it it gets authenticated

See below the LDAP browser output

I tried every available authentication method but nothing seems to work both a Windows 11 and a Iphone (latest IOS) where used

How is the supplicant configured?  Your service has to match an auth method with how the client device supplicant is configured.

I am playing around with an IPA server as LDAP and Domain server and for the live of .. can't get it to authenticate any users. 

LDAP search in the format below works fine.

ldapsearch -x -D "uid=user1,cn=users,cn=accounts,dc=mydomain,dc=auth" -W -H ldap://centos-9-server.mydomain.auth -b "cn=accounts,dc=mydomain,dc=auth"

I can also add it as an ldap server or active directory and it it gets authenticated

See below the LDAP browser output

I tried every available authentication method but nothing seems to work both a Windows 11 and a Iphone (latest IOS) where used

How is the supplicant configured?  Your service has to match an auth method with how the client device supplicant is configured.

I am playing around with an IPA server as LDAP and Domain server and for the live of .. can't get it to authenticate any users. 

LDAP search in the format below works fine.

ldapsearch -x -D "uid=user1,cn=users,cn=accounts,dc=mydomain,dc=auth" -W -H ldap://centos-9-server.mydomain.auth -b "cn=accounts,dc=mydomain,dc=auth"

I can also add it as an ldap server or active directory and it it gets authenticated

See below the LDAP browser output

I tried every available authentication method but nothing seems to work both a Windows 11 and a Iphone (latest IOS) where used

I wanted to follow up on this question. Although I haven't tested it again, I suspect that this was an oversight/error on my end. I did not join the domain which is I think required for MSChapv2 authentication with Clearpass

How is the supplicant configured?  Your service has to match an auth method with how the client device supplicant is configured.

I am playing around with an IPA server as LDAP and Domain server and for the live of .. can't get it to authenticate any users. 

LDAP search in the format below works fine.

ldapsearch -x -D "uid=user1,cn=users,cn=accounts,dc=mydomain,dc=auth" -W -H ldap://centos-9-server.mydomain.auth -b "cn=accounts,dc=mydomain,dc=auth"

I can also add it as an ldap server or active directory and it it gets authenticated

See below the LDAP browser output

I tried every available authentication method but nothing seems to work both a Windows 11 and a Iphone (latest IOS) where used

Yes, ClearPass must have a domain membership relationship with the targeted domain for MS-CHAPv2 to be used.  One of the benefits of moving to TLS is removing that requirement.

I wanted to follow up on this question. Although I haven't tested it again, I suspect that this was an oversight/error on my end. I did not join the domain which is I think required for MSChapv2 authentication with Clearpass

How is the supplicant configured?  Your service has to match an auth method with how the client device supplicant is configured.

I am playing around with an IPA server as LDAP and Domain server and for the live of .. can't get it to authenticate any users. 

LDAP search in the format below works fine.

ldapsearch -x -D "uid=user1,cn=users,cn=accounts,dc=mydomain,dc=auth" -W -H ldap://centos-9-server.mydomain.auth -b "cn=accounts,dc=mydomain,dc=auth"

I can also add it as an ldap server or active directory and it it gets authenticated

See below the LDAP browser output

I tried every available authentication method but nothing seems to work both a Windows 11 and a Iphone (latest IOS) where used