Occasional Contributor II

Clearpass Guest Device Sponsor Name

Hi,

 

I have a MacTrac service that allows end users to create their own devices. I have a web auth service that catches these created devices but I'm struggling to check if the sponsor name exists within AD.

 

When I use the following mapping:

 

(Authorization:[Guest Device Repository]:SponsorName  EXISTS   )

 

I see the AccountStatus, RemainingExpiration and SponsorName attributes to match against.

 

[Screenshot attachment: Untitled.png]

 

With this in mind I have created the following AD filter and added AD to my list of authorization sources.

 

Filter Name: Sponsor Name Check

Filter Query: (&(objectClass=user)(sAMAccountName=%{Authorization:[Guest Device Repository]:SponsorName}))

Name:memberOf, AliasName:Sponsor Name AD Group, DataType:String

 

When I map against the following I don't get any authorization attributes from the AD source

 

(Authorization:Active Directory:Sponsor Name AD Group  EXISTS   )

 

Any ideas on where I might be going wrong?

 

Cheers

Shaun

Guru Elite

Re: Clearpass Guest Device Sponsor Name

Do you have that AD authentication source as an additional authorization source in your service?

 

Also, better to use UserDN EXISTS.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Occasional Contributor II

Re: Clearpass Guest Device Sponsor Name

As ever Tim thanks for the reply,

 

AD is definitely in as an authorization source.

 

This is what I see when I use UserDN Exists,

 

[Screenshot attachment: Untitled.png]

 

Any ideas?

 

Cheers

Shaun

Guru Elite

Re: Clearpass Guest Device Sponsor Name

Test it by putting the same username in the field on the Attributes tab of the Authentication filter of the authentication source.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Occasional Contributor II

Re: Clearpass Guest Device Sponsor Name

Sorry I could not get this to work but instead I'm using the following you sorted for someone else.

 

http://community.arubanetworks.com/t5/Security/Using-ClearPass-guest-device-registration-for-additional/m-p/311814

 

The SQL for the Role ID works very well for my specific purpose so I'm happy downing tools on the AD/SponsorName side of things.

 

Thanks again for your help

 

Cheers

Shaun
