
How to use ClearPass Guest as External SQL Authentication Source

This article describes how to set up ClearPass Guest (previously known as Amigopod) as an external Authentication Source for CPPM. It applies when ClearPass Guest 3.x and CPPM are installed as two separate servers. It is no longer necessary for ClearPass 6.x versions, where ClearPass Guest and Policy Manager are on the same server.

  

ClearPass Guest 3.x server can serve as an external Authentication Source for CPPM.

 

Here is the three-step process to achieve this:

  

Step I 
  
1. On ClearPass Guest, select the Local RADIUS Server database under Radius > Database List and click on 'Create'.

 

2. Enter the details for Name, Hostname and Database username

 

3. Provide a new password in the “Database Password” and “Confirm Password” fields

 

4. Set the Database name and click Save Changes

 

5. Restart the RADIUS server when prompted

 

6. Restart the system services when prompted

 

 Step II : Enable remote database access from the ClearPass Guest
 

 1. Navigate to Administrator > System Control > Database Config

 

2. Check “Enable remote access to the database” and provide the IP address of the local CPPM

 

3. Select the security mode “Encrypted — Require an SSL connection”

 

4. Click Save Changes

 

 Step III : Configure SQL Authentication source on CPPM
 

 1. Navigate to Configuration » Authentication » Sources

 

2. Click Add Authentication Source and add a name

 

3. Select Generic SQL DB for 'Type'

 

4. On the Primary tab, set Server Name to the ClearPass Guest IP address, as set in 'Hostname' in Step I

 

5. Set Port number to the same value as configured in Step I. The default PostgreSQL port is 5432.

 

6. Set Database Name to amigopod, as configured in Step I

 

7. Set Login Username and Password to values configured in Step I.

 

8. Set ODBC Driver to PostgreSQL
 

 9. Configure an appropriate SQL filter. For example, the following is derived from the local user repository:

SELECT password AS User_Password,
       CASE
         WHEN enabled = 0 THEN 225
         WHEN ((expire_time is not null AND expire_time <= (select extract (EPOCH FROM now())))) THEN 226
         ELSE 0
       END AS Account_Status
FROM useraccount
WHERE username = '%{Authentication:Username}'
 

 10. Click Save.
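
To see how the filter in step 9 classifies accounts before pointing CPPM at the live database, the following added example (not part of the original article) runs the same CASE expression on a scratch PostgreSQL session. The table layout, column types and sample rows are constructed assumptions, and the WHERE clause is dropped so every case is returned at once.

```sql
-- Constructed scratch table holding only the columns the filter reads.
-- Column types are assumptions inferred from the comparisons in the filter.
CREATE TEMP TABLE useraccount (
    username    text PRIMARY KEY,
    password    text NOT NULL,
    enabled     integer NOT NULL,   -- the filter tests enabled = 0
    expire_time bigint              -- Unix epoch seconds; NULL means no expiry
);

-- Constructed sample accounts covering each branch of the CASE expression.
INSERT INTO useraccount (username, password, enabled, expire_time) VALUES
    -- enabled, never expires
    ('alice', 'constructed-pw-1', 1, NULL),
    -- disabled
    ('bob',   'constructed-pw-2', 0, NULL),
    -- enabled, expired yesterday
    ('carol', 'constructed-pw-3', 1,
        extract(EPOCH FROM now() - interval '1 day')::bigint),
    -- enabled, expires tomorrow
    ('dave',  'constructed-pw-4', 1,
        extract(EPOCH FROM now() + interval '1 day')::bigint),
    -- disabled and also expired
    ('erin',  'constructed-pw-5', 0,
        extract(EPOCH FROM now() - interval '1 day')::bigint);

-- Same CASE logic as the filter in step 9, listed per account.
SELECT username,
       CASE
         WHEN enabled = 0 THEN 225
         WHEN (expire_time IS NOT NULL
               AND expire_time <= (SELECT extract(EPOCH FROM now()))) THEN 226
         ELSE 0
       END AS Account_Status
FROM useraccount
ORDER BY username;
```

Because the `enabled = 0` test comes first in the CASE, an account that is both disabled and expired (erin) is reported with 225, not 226.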

 

Version history: Revision 2 of 2. Last update: 07-03-2014 11:49 AM