Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass custom RADIUS reply-message(18) based on memberOf

This thread has been viewed 7 times

  • 1.  ClearPass custom RADIUS reply-message(18) based on memberOf

    Posted Oct 20, 2015 01:55 PM

    Can anyone think of a way for ClearPass to generate a custom RADIUS reply-message based on a filtered memberOf string for an authenticated user?

     

    I am trying to work with a device that can give users options based on what RADIUS returns in the reply-message.  I would like to use the memberOf string from an AD query but in alot of cases that string is longer than the reply-message string.  So I need a way to filter the memberOf string before inserting it to the reply-message.

     

    Any ideas?



  • 2.  RE: ClearPass custom RADIUS reply-message(18) based on memberOf

    EMPLOYEE
    Posted Oct 20, 2015 01:57 PM
    You can put any ClearPass variable into that reply, the problem is memerOf
    returns a lot of different items.


  • 3.  RE: ClearPass custom RADIUS reply-message(18) based on memberOf

    Posted Oct 20, 2015 02:13 PM

    OK, so can I stick the memberOf string in a ClearPass variable and then generate a reply-message based on a query of that variable(string)?


    So for example:

    memberOf = "CN=Domain Admins, CN=Domain Users, CN=Registered User, CN=VPN Use";

    String variable;

    If memberOf CONTAINS "CN=Domain Admins" variable +="Domain Admin";

    If memberOf CONTAINS "CN=VPN User" variable+="Domain User";

     



  • 4.  RE: ClearPass custom RADIUS reply-message(18) based on memberOf

    EMPLOYEE
    Posted Oct 20, 2015 02:15 PM
    It's going to be the raw output. You only add to the beginning or end.