Security

Reply
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Clearpass Error

Following this procedure to allow an AD group to log into all Aruba controllers in our environment: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Howto-Authenticate-to-an-Aruba-Controller-via-Clearpass-and/td-p/94828

 

However, I get a java error when trying to configure this.  Tried on different computers, browsers, rebooted, etc.. I have all the firmware and updates available on Clearpass (v6.3.0.61712)

 

Create an Aruba Controller Login Service:
1. Configuration > Services
2. Click "Add Service"
3. Select "Type" of "RADIUS Enforcement ( Generic )"
4. Provide a name for the service, "Aruba Controller Logins"
5. Under "Service Rule" enter the following:
   i. Type - Connection
   ii. Name - "NAD-IP-Address"
   iii. Operator - "BELONGS_TO_GROUP" (this is where it errors out!)
   iv. Value - "Aruba Wireless"

 

error attached

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: Clearpass Error

It's a known bug. Fixed in upcoming 6.3.1

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Re: Clearpass Error

ETA?

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: Clearpass Error

Temporary solution would be to export the XML file and manually modify it then reimport..

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: Clearpass Error

This month
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Re: Clearpass Error

I edited the XML.. works like a charm.. THANK YOU!!!!!

New Contributor
Posts: 3
Registered: ‎02-28-2011

Re: Clearpass Error

Hi All

 

I am seeing the same error when loggin to policy manager (/tips) page with only a specific user group. We just upgraded from 6.2r to 6.3.4 yesterday. I am only getting the java error when trying to login with AU Help Desk privilege account.

 

Here is the xml for admin privilege

 

<?xml version="1.0" encoding="UTF-8" standalone="true"?>

-<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">

<TipsHeader version="6.3" exportTime="Fri Jul 18 15:03:38 EDT 2014"/>


-<AdminPrivileges>


-<AdminPrivilege description="A super administrator is allowed read/write access to all configuration elements" name="Super Administrator" accessType="FULL" allowPasswords="true">


-<AdminTask taskid="con">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="dnd">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="sc">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="adm">

<AdminTaskAction type="RWD"/>

</AdminTask>

</AdminPrivilege>


-<AdminPrivilege description="A network administrator is allowed to configure all the policies in the system" name="Network Administrator" accessType="FULL" allowPasswords="true">


-<AdminTask taskid="con">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="dnd">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon">

<AdminTaskAction type="RWD"/>

</AdminTask>

</AdminPrivilege>


-<AdminPrivilege description="A help desk person logs in to troubleshoot problems reported by end users" name="Help Desk" accessType="FULL" allowPasswords="true">


-<AdminTask taskid="mon.li.ag">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon.li.ad">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon.li.ac">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon.li.sp">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon.li.sy">

<AdminTaskAction type="RWD"/>

</AdminTask>

</AdminPrivilege>


-<AdminPrivilege description="A receptionist is allowed access to main monitoring screens" name="Receptionist" accessType="FULL" allowPasswords="true">


-<AdminTask taskid="mon.li.ag">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon.li.ad">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon.li.ac">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon.li.sp">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon.li.sy">

<AdminTaskAction type="RWD"/>

</AdminTask>

</AdminPrivilege>


-<AdminPrivilege description="A read-only administrator is only allowed to read all configuration elements" name="Read-only Administrator" accessType="FULL" allowPasswords="true">


-<AdminTask taskid="con">

<AdminTaskAction type="R"/>

</AdminTask>


-<AdminTask taskid="dnd">

<AdminTaskAction type="R"/>

</AdminTask>


-<AdminTask taskid="mon">

<AdminTaskAction type="R"/>

</AdminTask>


-<AdminTask taskid="sc">

<AdminTaskAction type="R"/>

</AdminTask>


-<AdminTask taskid="adm">

<AdminTaskAction type="R"/>

</AdminTask>

</AdminPrivilege>


-<AdminPrivilege description="An API administrator is only allowed API access to read/write all configuration elements" name="API Administrator" accessType="API" allowPasswords="true">


-<AdminTask taskid="con">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="dnd">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="sc">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="adm">

<AdminTaskAction type="RWD"/>

</AdminTask>

</AdminPrivilege>


-<AdminPrivilege description="AU InfoSec" name="AU InfoSec" accessType="FULL" allowPasswords="true">


-<AdminTask taskid="con.id.sh">

<AdminTaskAction type="RWD"/>

</AdminTask>

</AdminPrivilege>


-<AdminPrivilege description="AU help desk" name="AU Help Desk" accessType="FULL" allowPasswords="true">


-<AdminTask taskid="con.id.gu">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="con.id.ep">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="mon.li.ad">

<AdminTaskAction type="RWD"/>

</AdminTask>


-<AdminTask taskid="con.id.sh">

<AdminTaskAction type="RWD"/>

</AdminTask>

</AdminPrivilege>

</AdminPrivileges>

</TipsContents>

New Contributor
Posts: 2
Registered: ‎07-24-2014

Re: Clearpass Error

Experiencing exactly the same issue as described in the post above. Updated to 6.3.2 and now cannot login to the Policy Manager using specific Privilige level. Works for the Super Admin level.

New Contributor
Posts: 2
Registered: ‎07-24-2014

Re: Clearpass Error

This was fixed by having Aruba engineer exporting the role and verifying with the role for which we are able to login to the server. Edited the XML file and imported back to the server. This resolved the issue.

New Contributor
Posts: 3
Registered: ‎02-28-2011

Re: Clearpass Error

What was the edit ?

Search Airheads
Showing results for 
Search instead for 
Did you mean: