Security

Reply
Contributor I

Authenticate external tacacs to ClearPass WebUI

In a recent presentation about CP 6.7 I’ve found a slide that says:

 

External TACACS server for ClearPass WebUI authentication support.

 

Unfortunately, I cannot find this option in 6.7, nor can i find anything about this in the 6.7 user guide. Does anybody know how to configure this?

----------------------------------------------------------------------------------------
Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE
Contributor I

Re: Authenticate external tacacs to ClearPass WebUI

I found it:

Page 548 in the user guide. 

 

configurable under:

Cluster wide paramaters > Tacacs

 

 

----------------------------------------------------------------------------------------
Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE
Contributor I

Re: Authenticate external tacacs to ClearPass WebUI

 

I'm missing the configuration part of this.

 

For a customer, i want to use their cisco tacacs+ server and use clearpass as a tacacs+ client for remote webui login.

 

What tacacs attrributes can i send from the server to clearpass? can i just send a Privilige Level, like: Super Administrator

 

Do i need to configure any service in clearpass, or does it really behave as a 100% tacacs client?

----------------------------------------------------------------------------------------
Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE
New Contributor

Re: Authenticate external tacacs to ClearPass WebUI

Has anyone successfully configured CPPM to use an external TACACS server yet?

 

Any idea what av_pairs CPPM is looking for?

 

Guru Elite

Re: Authenticate external tacacs to ClearPass WebUI

TACACS+ does not use avpair.

 

The cpass:HTTP service is used with the AdminPrivilege attribute.

 


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: