Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass - Endpoint Repository - Default filters

  • 1.  ClearPass - Endpoint Repository - Default filters

    Posted Feb 26, 2015 11:59 PM

    Can someone please explain how the default filters work for the Endpoint Repository authentication source?

    For example, I want to add a new authentication filter to be able to perform authentication of a device based on a username that's not a MAC address. 

    If I add a new filter such as below:

    Name : UDID Authentication
    Filter Query = SELECT UPPER(tag_value) AS User_Password FROM tips_endpoints_attr_view WHERE tag_name = 'UDID' and tag_value = LOWER('%{Authentication:Username}')

    The authentication requests that come in fail as no user can be located. 

    If, however, I modify the default filter which is in position 1 to run the same query with the same filter name, it works.

    Is Authentication to the endpoint repository specifically tied to one of the default filters? 

    Why are there duplicate entries in the Endpoint Repository for the default filters?

  • 2.  RE: ClearPass - Endpoint Repository - Default filters

    EMPLOYEE
    Posted Feb 27, 2015 12:15 AM
    In order to pass auth, you need to use the Authentication filter.


  • 3.  RE: ClearPass - Endpoint Repository - Default filters

    Posted Feb 27, 2015 12:27 AM

    What is unique about that filter? Is it the position of the filter in the list? The name doesn't seem to matter, just the positioning.



  • 4.  RE: ClearPass - Endpoint Repository - Default filters

    EMPLOYEE
    Posted Feb 27, 2015 12:28 AM
    It's an internal context for passing authentication. 


    Thanks, 
    Tim


  • 5.  RE: ClearPass - Endpoint Repository - Default filters

    Posted Mar 02, 2015 04:42 PM

    OK, so what ties it to the internal authentication: the position in the list or the fact that it contains the Authentication label?

    For example, if I leave the default settings and just add a new filter called "UDID Authentication" down the bottom of the list and then try and attempt authentication using the new attributes (I'm essentially trying to do MAC authentication but with the UDID as u/p instead), the authentication fails as the username cannot be found (presumably 'cause it's still looking for a MAC address).

    If, however, I modify filter 1 and make it the UDID authentication (exactly the same filter), it works.

    I'm confused as to the inner workings of this. Ultimately I'd like to be able to run both filters concurrently so that I can perform endpoint checks by MAC address for the services that suit them (e.g. 802.1x) and UDID mapping for the RADIUS enforcement of other applications (web based apps).

    It seems there can only be one authentication filter, yet the default config has the Authentication filter listed twice for some reason.