Security

Reply
Frequent Contributor II

Clearpass 6.1 response to bad password, user not found

If a user tries to authenticate to clearpass -> Active Directory, and is using the wrong username, or bad password, is the users automatically rejected because they failed auth or are they given the default user role for the profile?   I see the default Radius:Aruba:Aruba-User-Role in the Output> Radius Response in the logs, and was a bit confused. I would think it would not receive any user-role, or a Reject one by default.

 

Re: Clearpass 6.1 response to bad password, user not found

 

It depends of what do you have defined as your default Enforcemet profile (Action) under the Enforcement Policy (Decision)

 

2014-02-07 19_43_29-ClearPass Policy Manager - Aruba Networks.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Clearpass 6.1 response to bad password, user not found

The enforcement policy is for authorization ONLY. Authentication has to succeed first before the enforcement policy is being evaluated.

 

Bottom-line: if you enter an incorrect username and/or password you will always be rejected.


ACMX#255 | ACMP | ACCP | AWMP
www.securelink.nl
Frequent Contributor II

Re: Clearpass 6.1 response to bad password, user not found

Thanks for the clarification,  the problem I was having was  that users with clearly bad usernames were showing up on my network.  The issue turned out to be not about authentication vs authorization but instead about  inner and outer Identities,  Androids have the builtin settings to auth with one set of credentials but make visible in the logs a different set.  Here is a post with same issue:

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Inner-and-outer-identity-802-1x/m-p/139107#M9775

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: