Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass MAB EAP-MD5 with MSSQL

This thread has been viewed 3 times

  • 1.  ClearPass MAB EAP-MD5 with MSSQL

    Posted Apr 26, 2018 11:17 AM

    Ciao,

    Do you know if it's possible to autenticate mac-address using MSSQL when the switch uses EAP-MD5 as protocol?

    Thanks



  • 2.  RE: ClearPass MAB EAP-MD5 with MSSQL

    EMPLOYEE
    Posted Apr 26, 2018 11:20 AM

    Evaluate the MAC address during the authentication phase. For the authentication phase, do an Allow All MAC Auth.



  • 3.  RE: ClearPass MAB EAP-MD5 with MSSQL

    Posted Apr 26, 2018 11:27 AM

    Not the [EAP MD5] ???

     



  • 4.  RE: ClearPass MAB EAP-MD5 with MSSQL
    Best Answer

    EMPLOYEE
    Posted Apr 26, 2018 11:39 AM
      |   view attached

    If the switch can only do EAP-MD5, you'll need to do this workaround.

     

    1. Extract and Import the attached static host list.
    2. Create a new Static Host List authentication source and select the SHL previously imported
    3. Use this as the auth source along with [EAP MD5] as the method
    4. Add the SQL auth source as an additional authorization source

     

    Screen Shot 2018-04-26 at 11.37.38 AM.png

     



  • 5.  RE: ClearPass MAB EAP-MD5 with MSSQL

    Posted Apr 26, 2018 01:48 PM


  • 6.  RE: ClearPass MAB EAP-MD5 with MSSQL

    Posted Apr 27, 2018 09:30 AM

    Thanks Tim

    However now I've this error regarding authorization. I attach the logs and SQL  cfg



  • 7.  RE: ClearPass MAB EAP-MD5 with MSSQL

    EMPLOYEE
    Posted Apr 27, 2018 09:32 AM

    1) Your query for MAC address should be %{Connection:Client-Mac-Address} instead of username

    2) Does the query work when you test in the attribute builder?