AAA, NAC, Guest Access & BYOD

Can Kerbrose authentication source be used for Application authetnication or WEB authentication?

Aruba Employee
Q:

Can we use 'Kerbrose authentication source' to authenticate users for an Application authentication or Web authentication request? Like 'Guest operator login' or 'Onguard user authentication'?



A:

We cannot use 'Authentication source - Type' as Kerbrose to authenticate user for a Application authetnication or WEB authentication request. This is not supported in Clearpass 6.4.x, 6.5.x and 6.6.x versions. When a Kerbrose authentication source is mapped to a custom 'Guest Operator Login' service, we will get the below error message rejecting the request. 

If we place the Policy service module in DEBUG, below are the Dashboard log outputs: 

Request Log: 

2016-09-21 08:25:09,006    [RequestHandler-1-0x7f160a9f4700 r=psauto-1473841713-25 h=79 r=W00000003-02-57e1f68c] INFO Core.ServiceReqHandler - Service classification result = Custom_Guest Operator Logins]
2016-09-21 08:25:09,009    [ajp-apr-8009-exec-4] R:W00000003-02-57e1f68c] ERROR com.avenda.tips.webauthservice.AuthenHandler - Failed to get serverMgr for authSourceId=3001
2016-09-21 08:25:09,009    [ajp-apr-8009-exec-4] R:W00000003-02-57e1f68c] ERROR com.avenda.tips.webauthservice.WebAuthHandler - Failed to perform webauth, reason=InternalErrorInAuthentication

2016-09-21 08:25:09,017    [RequestHandler-1-0x7f160a9f4700 r=psauto-1473841713-26 h=83 r=W00000003-02-57e1f68c] DEBUG IAT.RadiusIOAttrHolder - getValue: Internal attr for attrName=Connection:Client-Mac-Address Value=<NULL>

If the user is not found in the authorization source, still the same error message could be displayed with the below message.

2016-09-02 07:39:59,791 [RequestHandler-1-0x7f9366bd5700 r=psauto-1472781404-31 h=223 r=W00000002-01-57c8df77] INFO Core.ServiceReqHandler - Service classification result = Custom_Guest Operator Logins]
2016-09-02 07:39:59,796 [ajp-apr-8009-exec-3] R:W00000002-01-57c8df77] ERROR com.avenda.tips.webauthservice.AuthenHandler - Failed to get serverMgr for authSourceId=3001
2016-09-02 07:39:59,824 [ajp-apr-8009-exec-3] R:W00000002-01-57c8df77] ERROR com.avenda.tips.dataaccess.db.DbAuthenSession - User 'arun' not present in Admin User Repository](localhost)
2016-09-02 07:39:59,824 [ajp-apr-8009-exec-3] R:W00000002-01-57c8df77] WARN com.avenda.tips.webauthservice.AuthenHandler - Authentication failed @ Admin User Repository]
2016-09-02 07:39:59,824 [ajp-apr-8009-exec-3] R:W00000002-01-57c8df77] ERROR com.avenda.tips.webauthservice.WebAuthHandler - Failed to perform webauth, reason=UserNotFound

Workaround:

It is recommend to use 'Generic LDAP' as 'Authentication source - Type' instead of  'Kerbrose'. 

Version history
Revision #:
2 of 2
Last update:
‎03-27-2017 02:55 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: