Security

Reply
Frequent Contributor II
Posts: 119
Registered: ‎10-31-2012

Authentication for Management Users via ClearPass

Does anyone have any insight into using ClearPass for Auth of Admin users on the Aruba Controllers.   I have the Radius connection, however the request coming from Aruba Controllers themselves show very different then aruba wireless users coming from a wireless connection.  What details from the radius request do I want to scrutinize on the ClearPass server to determine it is a Aruba Admin Auth request, and then handle properly?

 

 

 

Aruba Employee
Posts: 13
Registered: ‎12-08-2011

Re: Authentication for Management Users via ClearPass

you can use "Service-Type: Administrative-User" as one of the condition to match the respective policy.

 

 

can see the sample request attributes :

 

 

Jan 29 14:44:29 :124038:  <INFO> |authmgr|  Selected server qasecurity for method=Management; user=shabaresha,  essid=<>, domain=<>, server-group=radius
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:339] Radius authenticate user (shabaresha) PAP using server qasecurity
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1108] :L3 User lookup failed, skipping Aruba-Port-ID
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:53] Add Request: id=140, srv=10.4.11.100, fd=74
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:949] Sending radius request to qasecurity:10.4.11.100:1812 id:140,len:167
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-IP-Address: 10.4.11.103
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-Port-Id: 0
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-Port-Type: 5
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  User-Name: shabaresha
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:962]  Password: *****
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Calling-Station-Id: 10.4.11.250
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Called-Station-Id: 000B866D1B60
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Framed-IP-Address: 10.4.11.250
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Service-Type: Administrative-User
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Aruba-Essid-Name:
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Aruba-Location-Id: N/A
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Aruba-AP-Group: N/A
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-Identifier: shabaresha
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Message-Auth: Yp\265\304\316\212\227\272\310u\346[pIVE
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:76] Find Request: id=140, srv=10.4.11.100, fd=74
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:82]  Current entry: srv=10.4.11.100, fd=74

 

 

 

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: