Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Guest Device Sponsor Name

  • 1.  Clearpass Guest Device Sponsor Name

    Posted Nov 02, 2017 07:06 AM

    Hi,

     

    I have a MacTrac service that allows end users to create their own devices. I have a web auth service that catches these created devices but I'm struggling to check if the sponsor name exists within AD.

     

    When I use the following mapping:

     

    (Authorization:[Guest Device Repository]:SponsorName  EXISTS   )

     

    I see the AccountStatus, RemainingExpiration and SponsorName attributes to match against.

     

    Untitled.png

     

    With this in mind I have created the following AD filter and added AD to my list of authorization sources.

     

    Filter Name: Sponsor Name Check

    Filter Query: (&(objectClass=user)(sAMAccountName=%{Authorization:[Guest Device Repository]:SponsorName}))

    Name:memberOf, AliasName:Sponsor Name AD Group, DataType:String

     

    When I map against the following I don't get any authorization attributes from the AD source

     

    (Authorization:Active Directory:Sponsor Name AD Group  EXISTS   )

     

    Any ideas on where I might be going wrong?

     

    Cheers

    Shaun



  • 2.  RE: Clearpass Guest Device Sponsor Name

    EMPLOYEE
    Posted Nov 02, 2017 08:40 AM

    Do you have that AD authentication source as an additional authorization source in your service?

     

    Also, better to use UserDN EXISTS.
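
Added example, not part of the thread and not ClearPass code: an offline Python model of the posted filter query, showing the expanded filter with RFC 4515 escaping of the substituted sponsor name and why a `memberOf`-based EXISTS check can be empty for an account that does exist. The directory entries and the `dn` to `UserDN` mapping next to the posted `memberOf` mapping are assumptions made for the illustration.

```python
import re

# Filter query exactly as posted in the thread.
FILTER_TEMPLATE = ("(&(objectClass=user)(sAMAccountName="
                   "%{Authorization:[Guest Device Repository]:SponsorName}))")

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}

def escape_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, attrs):
    """Substitute %{name} variables; refuse to build a filter from a missing one."""
    def repl(match):
        value = attrs.get(match.group(1), "")
        if not value:
            raise KeyError("unresolved variable: " + match.group(1))
        return escape_value(value)
    return re.sub(r"%\{([^}]+)\}", repl, template)

# Constructed directory entries (hypothetical names). "bob" belongs only to his
# primary group, which Active Directory does not list in memberOf.
DIRECTORY = [
    {"dn": "CN=Alice,OU=Staff,DC=example,DC=test", "sAMAccountName": "alice",
     "memberOf": ["CN=Sponsors,OU=Groups,DC=example,DC=test"]},
    {"dn": "CN=Bob,OU=Staff,DC=example,DC=test", "sAMAccountName": "bob"},
]

def authorize(sponsor_name):
    """Return (expanded filter, attributes a dn/memberOf mapping would yield)."""
    key = "Authorization:[Guest Device Repository]:SponsorName"
    ldap_filter = expand_filter(FILTER_TEMPLATE, {key: sponsor_name})
    result = {}
    for entry in DIRECTORY:
        # sAMAccountName compares case-insensitively; the escaped value is a
        # literal, so a sponsor name such as "a*" matches no account.
        if entry["sAMAccountName"].lower() == sponsor_name.lower():
            result["UserDN"] = entry["dn"]
            if "memberOf" in entry:
                result["Sponsor Name AD Group"] = entry["memberOf"]
    return ldap_filter, result

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "a*"):
        print(authorize(name))
```

In this model "bob" returns a `UserDN` but no `Sponsor Name AD Group`, so only the `UserDN` check distinguishes an existing sponsor from a missing one.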



  • 3.  RE: Clearpass Guest Device Sponsor Name

    Posted Nov 02, 2017 09:27 AM

    As ever Tim thanks for the reply,

     

    AD is definitely in as an authorization source.

     

    This is what I see when I use UserDN Exists,

     

    Untitled.png

     

    Any ideas?

     

    Cheers

    Shaun



  • 4.  RE: Clearpass Guest Device Sponsor Name

    EMPLOYEE
    Posted Nov 02, 2017 09:49 AM

    Test it by putting the same username in the field on the Attributes tab of the Authentication filter of the authentication source.



  • 5.  RE: Clearpass Guest Device Sponsor Name

    Posted Nov 02, 2017 10:31 AM

    Sorry I could not get this to work but instead I'm using the following you sorted for someone else.

     

    http://community.arubanetworks.com/t5/Security/Using-ClearPass-guest-device-registration-for-additional/m-p/311814

     

    The SQL for the Role ID works very well for my specific purpose so I'm happy downing tools on the AD/SponsorName side of things.

     

    Thanks again for your help

     

    Cheers

    Shaun