Occasional Contributor II
Posts: 11
Registered: ‎11-22-2016

ClearPass Authentication against AD issue

Hello, I am still trying to figure out the connection between CP and the controller. I am working on a service that authenticates users using the AD. I can see on the access tracker that ClearPass is giving me the "accept" login status, but for some reason the controller sends me to a different segment on the net. Does this have to do with the controller roles?

I appreciate any help with this issue, thank you in advance.

Guru Elite
Posts: 8,332
Registered: ‎09-08-2010

Re: ClearPass Authentication against AD issue

What enforcement profiles are you returning?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 11
Registered: ‎11-22-2016

Re: ClearPass Authentication against AD issue

The default [Allow access profile] if the user is part of the development department.

Authorization: BPI AD: Department EQUALS Desarrollo

I'm still confused with role and profiles.

Guru Elite
Posts: 8,332
Registered: ‎09-08-2010

Re: ClearPass Authentication against AD issue

So that means the user will be in the default 802.1X role in the controller.  Which role is configured there?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 11
Registered: ‎11-22-2016

Re: ClearPass Authentication against AD issue

The roles on the AAA profile are as follows

Initial role = logon

Mac Auth def role = guest

802.1X auth default role = authenticated

Guru Elite
Posts: 8,332
Registered: ‎09-08-2010

Re: ClearPass Authentication against AD issue

Without knowing your network, this is difficult to troubleshoot.

Couple of things:

1) Are you using Aerohive or Aruba? Your profiler tab is using an Aerohive CoA. If you're using Aruba, you need to use the Aruba one.

2) When you say different segment of the network, what are you referring to? A VLAN?

3) What VLAN is configured on your virtual AP profile? What VLAN is the user expected to get?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 11
Registered: ‎11-22-2016

Re: ClearPass Authentication against AD issue

1) Well, that may be one of the issues; I'm using an Aruba controller.

2) The IP that I am getting once I get the accept login status is 169.254.132.150. I uploaded a PNG image showing the network details.

3) I'm using default VLAN 1 on all configurations.

Guru Elite
Posts: 8,332
Registered: ‎09-08-2010

Re: ClearPass Authentication against AD issue

Is VLAN 1 the correct VLAN for your network?

Is VLAN 1 configured in the VAP profile?

What forwarding mode are your APs configured for?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 11
Registered: ‎11-22-2016

Re: ClearPass Authentication against AD issue

Yes, VLAN1 is the correct one and it is configured on the VAP. I will check the forwarding mode on Monday since I'm out of the office. Thank you for your help Tim, have a good weekend.

Occasional Contributor II
Posts: 11
Registered: ‎11-22-2016

Re: ClearPass Authentication against AD issue

I managed to get the service working. I created a user role on the controller and used it as the 802.1X authentication default role on the AAA profile. Then I created the Enforcement profile and Enforcement policy to use on the service; it seems that I was missing those steps. Also, I had to modify the network connection to not verify the identity of the server by certificate validation. The service is working on Windows 7 machines but not on Windows 10. I'm still checking here on the forum for a solution on authentication with Win10 machines.
