Security

I'm trying to implement TACACS access to our Clearpass device using AD credentials. So far I have got an AUTHEN_STATUS_PASS and a role of [Aruba TACACS Root Admin]. However in the access tracker alerts there is a message "Tacacs server Tacacs service=cpass:http not enabled". What does this message indicate?

Under Administration > Dictionaries > TACACS+ Services, do you have the cpass:http dictionary?

Yes it's there in the list (number 5).

In your enforcement profile, do you have cpass:HTTP enabled in the Services tab?

This what I have under the profile -

You'll need to duplicate the profile since it's a built in one. Then add the cpass:HTTP to the "Selected Services" box and then you can add in the appropriate attribute in the Service Attributes area.

I've made the change and it all looks ok from the CPPM end (no errors shown) however the browser login page is showing "Invalid Username or Password specified"

If you are just trying to give Super Admin priveleges to ClearPass, try using the built-in [TACACS Super Admin] enforcement profile.

Sorry cappali, forgot to change the service attribute - I've now replaced it with one for the cpass:http with Super Administrator and its now working - thanks very much for your help.