Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Authentication for Management Users via ClearPass

  • 1.  Authentication for Management Users via ClearPass

    Posted Jan 29, 2013 05:39 PM

    Does anyone have any insight into using ClearPass for Auth of Admin users on the Aruba Controllers? I have the RADIUS connection, however the requests coming from the Aruba Controllers themselves show very different than Aruba wireless users coming from a wireless connection. What details from the RADIUS request do I want to scrutinize on the ClearPass server to determine it is an Aruba Admin Auth request, and then handle properly?


  • 2.  RE: Authentication for Management Users via ClearPass

    Posted Jan 29, 2013 05:56 PM

    You can use "Service-Type: Administrative-User" as one of the conditions to match the respective policy.

    You can see the sample request attributes:


    Jan 29 14:44:29 :124038:  <INFO> |authmgr|  Selected server qasecurity for method=Management; user=shabaresha,  essid=<>, domain=<>, server-group=radius
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:339] Radius authenticate user (shabaresha) PAP using server qasecurity
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1108] :L3 User lookup failed, skipping Aruba-Port-ID
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:53] Add Request: id=140, srv=10.4.11.100, fd=74
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:949] Sending radius request to qasecurity:10.4.11.100:1812 id:140,len:167
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-IP-Address: 10.4.11.103
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-Port-Id: 0
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-Port-Type: 5
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  User-Name: shabaresha
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:962]  Password: *****
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Calling-Station-Id: 10.4.11.250
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Called-Station-Id: 000B866D1B60
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Framed-IP-Address: 10.4.11.250
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Service-Type: Administrative-User
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Aruba-Essid-Name:
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Aruba-Location-Id: N/A
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Aruba-AP-Group: N/A
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-Identifier: shabaresha
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Message-Auth: Yp\265\304\316\212\227\272\310u\346[pIVE
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:76] Find Request: id=140, srv=10.4.11.100, fd=74
    Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:82]  Current entry: srv=10.4.11.100, fd=74
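
Added example (not part of the original posts, and not Aruba or ClearPass code): a Python parser for authmgr debug lines in the format shown above that groups the logged attributes by RADIUS request id and applies the Service-Type condition suggested in the reply. Request 140 reuses lines from the thread; request 141 and all of its values are constructed for contrast, and the function names are this example's own.

```python
import re

# "Sending radius request to <server>:<ip>:<port> id:<n>" opens a new request.
SEND = re.compile(r"Sending radius request to (\S+?):([\d.]+):(\d+) id:(\d+)")
# Attribute lines are logged from rc_server.c as "Name: value" (value may be empty).
ATTR = re.compile(r"\[rc_server\.c:\d+\]\s+([A-Za-z][\w-]*):\s?(.*)$")

def parse_requests(log_text):
    """Group the logged RADIUS attributes by request id."""
    requests, current = {}, None
    for line in log_text.splitlines():
        m = SEND.search(line)
        if m:
            current = {"server": m.group(1), "attrs": {}}
            requests[int(m.group(4))] = current
            continue
        m = ATTR.search(line)
        if m and current is not None:
            current["attrs"][m.group(1)] = m.group(2).strip()
    return requests

def is_management_auth(attrs):
    """Condition from the thread: Service-Type equals Administrative-User."""
    return attrs.get("Service-Type") == "Administrative-User"

def management_requests(log_text):
    """Return the ids of requests that match the management-login condition."""
    reqs = parse_requests(log_text)
    return sorted(i for i, r in reqs.items() if is_management_auth(r["attrs"]))

PFX = "Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| "
SAMPLE = "\n".join(PFX + s for s in [
    # Request 140: lines as posted in the thread.
    "[rc_server.c:949] Sending radius request to qasecurity:10.4.11.100:1812 id:140,len:167",
    "[rc_server.c:958]  NAS-Port-Type: 5",
    "[rc_server.c:958]  User-Name: shabaresha",
    "[rc_server.c:958]  Service-Type: Administrative-User",
    "[rc_server.c:958]  Aruba-Essid-Name:",
    "[rc_request.c:76] Find Request: id=140, srv=10.4.11.100, fd=74",
    # Request 141: CONSTRUCTED wireless-user request, values are assumptions.
    "[rc_server.c:949] Sending radius request to qasecurity:10.4.11.100:1812 id:141,len:180",
    "[rc_server.c:958]  NAS-Port-Type: 19",
    "[rc_server.c:958]  User-Name: alice",
    "[rc_server.c:958]  Service-Type: Framed-User",
    "[rc_server.c:958]  Aruba-Essid-Name: corp-wlan",
])

if __name__ == "__main__":
    for rid, req in parse_requests(SAMPLE).items():
        print(rid, req["attrs"].get("User-Name"), is_management_auth(req["attrs"]))
```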