2930F Downloadable User Role not working

  • 1.  2930F Downloadable User Role not working

    Posted Feb 22, 2018 12:48 PM

    Hi,  

     

    I am having an issue getting the Downloadable User Roles to work. I have followed the Wired Policy Enforcement Solution Guide and have tested on numerous switches but keep getting the same error.

    05204 dca: Failed to apply user role
    DUR_HPE_ACCESS_POINT-3028-1_7Z4q to macAuth client C8B5ADxxxx on
    port 5: user role is invalid.

    05620 dca: macAuth client C8B5ADC8xxxx on port 5 assigned to
    initial role as downloading failed for user role

     

    I have checked the read-only account required and, as I am using the self-signed cert on ClearPass for testing, tried by Certificates available within the trusted with no luck.

     

    What am I doing wrong?

     

    Thanks,



  • 2.  RE: 2930F Downloadable User Role not working

    EMPLOYEE
    Posted Feb 22, 2018 12:50 PM
    Self-signed certificates cannot be used.

    Also, are you using Standard or Advanced mode in ClearPass?


  • 3.  RE: 2930F Downloadable User Role not working

    Posted Feb 22, 2018 12:57 PM

    Thanks,  I have tried both the advanced and now on 6.7 the standard as per the updated document.   

     

    If you think the error is due to the self-signed certificate I will take a look at changing this.

     

    Many Thanks Again



  • 4.  RE: 2930F Downloadable User Role not working

    Posted Feb 22, 2018 02:47 PM

    I have run into a couple issues with this and found the following:

     

    - When creating the ACL, do NOT put blank lines between the entries

     

    - The Policy Name has a character length limitation. Try reducing it to 8 characters or less. I am not sure what the upper limit is. 

     

    I don't recall either of these issues on earlier versions of code. Seems to be with CPPM 6.7 and/or 16.05.



  • 5.  RE: 2930F Downloadable User Role not working

    Posted Oct 22, 2018 11:40 PM

    Hi Tim, I noticed your response saying that self-signed certs can't be used. I thought you could use the HTTPS cert from the CPPM on the switch for DUR; not that secure, but as I am trying to do a PoC it seemed like the quickest way to go. I am sure I have seen it in one of the online videos in the ClearPass workshop.

    Could you confirm please?

     

    Thank you
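
Replies 2 and 5 both turn on whether the ClearPass HTTPS certificate is self-signed. The following is an added example, not part of the thread and not HPE Aruba tooling, that classifies a PEM certificate with stock `openssl`; the hostname and helper names are assumptions, and the sample certificates are constructed on the spot.

```shell
#!/bin/sh
# Added example: decide whether a PEM certificate is self-signed or CA-issued.

# Hypothetical helper: save the leaf certificate a server presents on 443.
# Usage: fetch_cert clearpass.example.test > cppm.pem   (placeholder hostname)
fetch_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Returns 0 when the certificate in file $1 is self-signed: subject and issuer
# are the same name AND the signature verifies against the cert's own key.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    [ "$subj" = "$iss" ] || return 1
    openssl verify -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1
}

# Constructed sample input: one self-signed server cert, plus a lab CA and a
# server cert issued by that CA. All names are made up for the example.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=cppm-selfsigned.example.test" \
        -keyout "$d/ss.key" -out "$d/ss.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Lab CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=cppm.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# Demo run over the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
for f in ss.pem leaf.pem; do
    if is_self_signed "$tmp/$f"; then
        echo "$f: self-signed"
    else
        echo "$f: $(openssl x509 -in "$tmp/$f" -noout -issuer)"
    fi
done
rm -rf "$tmp"
```

For a CA-issued certificate, the issuer line printed here names the CA whose certificate the switch would need to trust.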