Security

Reply
Occasional Contributor I
Posts: 6
Registered: ‎10-04-2012

6.3.4.6 issue having role add after Authentication

Hi everyone

 

Is anyone having problem with role not being added after Authenticating in 6.3.4.6. It was working fine till I upgraded now I can not login to cppm or authenticating using 802.x1 with AD credential. Anyone else have a issue after upgrading?

 

Thanks

Raul Bracamontes

LEUSD 

Guru Elite
Posts: 8,447
Registered: ‎09-08-2010

Re: 6.3.4.6 issue having role add after Authentication

Can you login with the admin account and look at access tracker to see what's happening?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 6
Registered: ‎10-04-2012

Re: 6.3.4.6 issue having role add after Authentication

Thanks for Responding Cappalli. 

I am getting this.

 

 

 

Service Name :

AD auth for CPPM ClearPass Admin Access (Active Directory)
Authentication Source :
AD Authentication
Role:
 [User Authenticated], [Other]
Profiles:
[TACACS Deny Profile]

 

The [other]  Role should be TACACS Helpdesk

 

Session ID:
T00000013-01-53c462e7
Time:
Jul 14, 2014 16:08:23 PDT
Status:
AUTHEN_STATUS_FAIL
 
Request Type :
TACACS_AUTHENTICATION
 
Message:
-
Client IP :
127.0.0.1:
Error Category:
Tacacs authentication
Error Code:
Authentication privilege level mismatch
 Alerts for this Request :
Tacacs serverRequested priv_level=[01] greater than Max Allowed priv_level=[00]
 Authorization Requests Messages 
 
Contributor I
Posts: 25
Registered: ‎07-01-2014

Re: 6.3.4.6 issue having role add after Authentication

Check the privilege level in the enforcement profile, you will need to change the MAX level to 1 not 0.  

Occasional Contributor I
Posts: 6
Registered: ‎10-04-2012

Re: 6.3.4.6 issue having role add after Authentication

They have 1

Contributor I
Posts: 25
Registered: ‎07-01-2014

Re: 6.3.4.6 issue having role add after Authentication

Have you defined the tips role Other in the enforcement policy?

Occasional Contributor I
Posts: 6
Registered: ‎10-04-2012

Re: 6.3.4.6 issue having role add after Authentication

[TACACS Deny Profile]
Occasional Contributor I
Posts: 6
Registered: ‎10-04-2012

Re: 6.3.4.6 issue having role add after Authentication

It was working before I did the update.

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: 6.3.4.6 issue having role add after Authentication

Please make sure you have a TAC case open. Its looks like you might have had a file that did not migrate correctly. It might be as simple as importing an updated dictionary file or TAC may need to login as root.

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 22
Registered: ‎03-14-2014

Re: 6.3.4.6 issue having role add after Authentication

What was the outcome on this problem?  I am doing a fresh install and have followed the documentation about setting up TACACS and I either get the default read only admin or if I get away from using roles and just enforcement policy I get the same "Requested priv_level=[01] greater than Max Allowed priv_level=[00]" Error.

ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Search Airheads
Showing results for 
Search instead for 
Did you mean: