Security

Reply
Occasional Contributor II

Clearpass Authorization Sources:

non-essential background info:

 

I just recently went through a major upgrade to our CPPM environment from a previous "regime." Things are interesting with the way things work running on our environment....most recent is Safari issues on their latest code release.  The way the configs are setup, we have those guests using safari pointing to 2 different DBs. We have a second guest network running, and it appears as though those client are working fine.

 

To the point question:

CPPM has multiple DBs to use.  Insight, Endpoint Repository, Local User, etc.  We have about 12 - 13 different DBs.  

a.  why so many?

b.  if defined, when a guest registers, which db will they get placed into by default?

c.  is it possible they will get inserted into 2 based on the configuration?

d.  Can you define a policy that will search more than DB to define the guest?

e.  Can you create your own customized DB (I'm assuming yes)?

 

I'm sure I will have more to come.  I've searched the help for what each named DB does/should be responsible for and I haven't found it yet.

 

Many thanks!

Guru Elite

Re: Clearpass Authorization Sources:

a.  Because they store different data and are used for different purposes

b.  Guest User Repository

c.  No

d.  Each authentication source will be checked until the user is found

e.  Internal, no. External, yes.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass Authorization Sources:

Is there an online document/resources that gives this information?  If so, would you mind placing a link?

 

Perhaps a random question; is the Guest User repository tied to the Clearpass Licenses?

 

Whats the Difference between Guest User repository, Guest Device Repository, and Endpoints Repository?  Why would I choose one over the other?

 

Oh yeah, this abyss gets deeper....  

 

Thank you guys!

 

Guru Elite

Re: Clearpass Authorization Sources:

Documentation for what? I’m not sure what you’re asking.

 

Guest licenses are gone in ClearPass 6.7 and are included as part of the access license.

Guest User repository holds guest user accounts.
Guest Device Repository holds device registrations
Endpoints Repository holds system and custom attributes about devices (profiling, EMM sync, etc).

I’m not sure what you mean by choosing one over the other. It’s dictated by the workflow you’re using.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass Authorization Sources:

I'm just curious to know where I can find documentation pertaining to what each DB is used for, or what their purpose is. 

 

I have a feeling some of the Authorization sources are being mis-used etc.  We use 2 different "Guest accounts" and given the size of our company with Global footprint, we are on 6.6.5 so the Guest Licenses still apply to us.  As example, we are licensed for 50K Policy Manager Licenses; 15K Guest licenses...and using a percentage of each.

 

 

 

 

 

 

 

 

Guru Elite

Re: Clearpass Authorization Sources:

Each device authenticated against a guest user account consumes a guest license prior to 6.7

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: