Security

Reply
New Contributor

CPPM Access Tracker

Hello.  I am trying to resurrect a once-working CPPM policy/service which responded to a user's login attempt on CPGuest and queries AD and the local guest db.  When testing with a client, I am prompted with the WEB UI page from the policy, but fail authentication with 'Invalid Username or Password.'  I try to check the attempt in Access Tracker, but no entries appear.  Confused as to how I can attempt the authentication without tripping a tracker event.  Any guidance is appreciated.  Thank you!

Guru Elite

Re: CPPM Access Tracker

Look in Event Viewer to see if the there is an error starting the network device is not defined.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: CPPM Access Tracker

Tim....thanks for the quick reply.  I do not see any events in Event Viewer mentioning that error.  

KDI
Contributor I

Re: CPPM Access Tracker

CPPM Access Tracker No Entry for authentication attempt. 

I am troubleshooting a similar problem.

While deploying Mac Caching we unveiled an anomaly in our test bed while changing services and deploying Student and Staff MAC Caching. We have 2 Mac Caching services for students and 2 for staff . Our issue  doesn’t cause a problem but we are trying to understand why it’s happening.  We make a change to a service named Student Access with MAC Caching.. We authenticate using that service.  We see authenticated on device but no entry in CPPM Access Tracker. The next service called Student Mac Caching Service will deny the request and an Access tracker entry appears.

We really want to see an Access tracker entry for the changed service named Student Access with MAC Caching.

We reverse the change and of course we get an entry.

The change is as follows;

In our Student Access with MAC Caching service we change a service rule reading:

                Radius:Aruba         Aruba-Essid-Name     Equals     Student

                Radius:Aruba         Aruba-Essid-Name     Equals     Staff

 I have pulled log files for the service prior to the change and see no entry in log files for anything initiating an entry for CPPM Access tracker.  I have also looked at Event Viewer and do not see any instance of this or any other authentication event or entry event for Access Tracker. 

MVP

Re: CPPM Access Tracker

jkeco, I would check the authentication server-group configuration to make sure the requests are definitely being sent to Clearpass. You can also run 'show aaa authentication-server radius statistics' to check the RADIUS packets are being sent and responded to.

 

KI, have you tried blacklisting and unblacklisting the user on the Aruba controller after the changes to the service have been made? If the user entry still exists in the user-table then they will not need to re-authenticate.

 

David
ACDX #98 | ACMP | ACCP
New Contributor

Re: CPPM Access Tracker

Thanks for the replies, guys!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: