
Clearpass Admin Access Question

  • 1.  Clearpass Admin Access Question

    Posted Feb 15, 2016 01:08 PM

    If I use the Clearpass Admin Access (Active Directory) wizard to add Read Only / Help Desk users and set it up like so:

     

    CPPM Helpdesk.PNG

     

    Will my local superuser admin account still work?

     

    Thanks Gang!



  • 2.  RE: Clearpass Admin Access Question

    EMPLOYEE
    Posted Feb 15, 2016 01:11 PM
    Yes, local admin users will always work 

    Sent from Nine


  • 3.  RE: Clearpass Admin Access Question

    Posted Feb 15, 2016 01:27 PM

    Thanks Cappi!!!



  • 4.  RE: Clearpass Admin Access Question

    Posted Feb 15, 2016 03:26 PM

    Okay Cappi, riddle me this; I go through the wizard and set everything up, choosing our existing AD server that is already set up and with the appropriate AD groups. Yet it keeps failing. Access tracker keeps telling me it cannot find me in the local database. Why is it looking there when I thought we just set it up to look to AD for it?

     

    Also, at the beginning of the wizard, it asks for a prefix, what prefix would that be?

     

    (I am not an AD guy so this is new territory for me)



  • 5.  RE: Clearpass Admin Access Question

    MVP
    Posted Feb 16, 2016 02:09 PM

    Under Configuration -> Services, the services are accessed in order from top to bottom. I believe that, by default, a new service is added at the bottom to minimize disruption on a production server.

     

    You can use the Reorder button to move your new service before others.



  • 6.  RE: Clearpass Admin Access Question

    Posted Feb 18, 2016 10:31 AM

    @bosborne@liberty.edu wrote:

    Under Configuration -> Services, the services are accessed in order from top to bottom. I believe that, by default, a new service is added at the bottom to minimize disruption on a production server.

     

    You can use the Reorder button to move your new service before others.


    The reorder did the trick! Thanks Bosborne !



  • 7.  RE: Clearpass Admin Access Question

    Posted Feb 18, 2016 12:57 PM
    Keep in mind that every modification to a service and/or addition of a service rewrites the radius.cfg file in the backend. Always best to make changes to production systems in maintenance windows... #duh

    - Ryan -


  • 8.  RE: Clearpass Admin Access Question

    MVP
    Posted Feb 18, 2016 01:11 PM

    Ryan,

     

    Have you seen any issue making modifications during production?

     

    Obviously, when adding a new role it is best to enter the role mapping last to minimize disruption.



  • 9.  RE: Clearpass Admin Access Question

    Posted Feb 18, 2016 01:30 PM
    It was an extraordinary disruption. Our identity team that provided our service account for LDAPS authorization neglected to disable password expiration. Our password expired, but services sustained because ClearPass maintained the LDAP sockets open. When we modified a service, it rewrote the radius.cfg, causing the sockets to close and attempt to reopen. At that point, the password had already expired and authorization began to fail. Full wireless outage.

    I only mentioned it so folks know that's what happens in the background. I didn't before, and now that I know that affecting one service can touch/affect them all, I'm much more cautious. I tread very lightly with ClearPass changes.
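
The outage in the post above came from an LDAP bind account whose password had expired while existing sockets kept working. As an added example (not part of the original post and not ClearPass code), this Python check classifies a service account from its Active Directory attributes so it can be reviewed before a service change; the function names, the 14-day warning threshold and the sample values in the comments are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Active Directory userAccountControl flags
UAC_ACCOUNTDISABLE = 0x0002
UAC_DONT_EXPIRE_PASSWD = 0x10000

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICK = timedelta(microseconds=1)  # 1 microsecond = 10 FILETIME ticks


def to_filetime(dt):
    """datetime -> FILETIME ticks (used to build constructed sample values)."""
    return ((dt - FILETIME_EPOCH) // TICK) * 10


def from_filetime(ticks):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> datetime."""
    return FILETIME_EPOCH + (ticks // 10) * TICK


def bind_account_status(uac, pwd_last_set, max_pwd_age, now, warn_days=14):
    """Classify a bind account; returns (state, expiry or None).

    uac          -- userAccountControl of the account
    pwd_last_set -- pwdLastSet (FILETIME; 0 = must change at next logon)
    max_pwd_age  -- domain maxPwdAge (negative ticks; 0 = no expiry)
    Limitation: a fine-grained password policy applied to the account
    overrides the domain maxPwdAge and is not considered here.
    """
    if uac & UAC_ACCOUNTDISABLE:
        return "DISABLED", None
    if uac & UAC_DONT_EXPIRE_PASSWD or max_pwd_age == 0:
        return "NEVER_EXPIRES", None
    if pwd_last_set == 0:
        return "EXPIRED", None
    expiry = from_filetime(pwd_last_set) + (abs(max_pwd_age) // 10) * TICK
    if expiry <= now:
        return "EXPIRED", expiry
    if expiry - now <= timedelta(days=warn_days):
        return "EXPIRING_SOON", expiry
    return "OK", expiry


if __name__ == "__main__":
    # Constructed sample: 90-day policy, password set 2015-11-01.
    now = datetime(2016, 2, 18, tzinfo=timezone.utc)
    age = -90 * 86400 * 10**7
    pls = to_filetime(datetime(2015, 11, 1, tzinfo=timezone.utc))
    print(bind_account_status(0x200, pls, age, now))
```

Anything other than `OK` or `NEVER_EXPIRES` means the next LDAP reconnect will fail or is about to, so the change should wait until the account is fixed.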


  • 10.  RE: Clearpass Admin Access Question

    EMPLOYEE
    Posted Feb 18, 2016 01:35 PM
    Many times you will notice requests that cannot be processed after making a change at high traffic times.