Security

Hi All,

I am in need of some assistance to setup authentication to Clearpass guest for a receptionist so they only have access to guest.

This is so they can create guest users for devices that connect to their Aerohive wireless.

I have created the account in the local user database. I have documented the rest of the configuration for you so you can advise me where I have gone wrong.

Please see attached.

Can you please advise me where my configuration has gone wrong?

I see the correct application service is being hit, but the authentication source, roles or enforcement do not get populated.

I get this alert on the access tracker:

[Local User Repository]: Failed to execute sql, reason=ERROR: syntax error at or near test"
Position: 1"

Attachment(s)

Guest operator service failure.docx   797 KB 1 version

Looks like an SQL error in the local user auth source. Did you modify the [Local User Repository] auth source at all?

Also give it a try with the [Admin User Repository]

Nope I just created an account under identity > local users section in Clearpass, added username and password and associated a role to the account.

I did also try the admin user repository but in the access tracker got the error: user not found in admin user repository.

I got a bit further this morning as I forgot to enable authorization in the service. I enabled this and found that the authorization source has now been populated with local user repository.  However, the roles is still hitting other and enforcement is still default deny access. I still get this error as the alert:

[Local User Repository]: Failed to execute sql, reason=ERROR: syntax error at or near test"
Position: 1"

Any other ideas on how to proceed further with this?

I have managed to resolve the issue. 

I found the following things that I did not do right initially:

- Authorization was not enabled on the service. 

- I was logging in with the wrong username for the account that I setup in the local user repository. I was using the name instead of the user-id. Note for the future for me. 

Hi,

I have almost similar problem, but is Authorization enabled and login name is ok. Can you please check my configuration ?

ClearPass version is 6.7.0.35289.

Thanks 

Attachment(s)

CP-Operator.docx   539 KB 1 version

do you have authorization enabled on the service?

Yes, Authorization is enabled. As it is in the word file on page 4.

oh sorry missed the attachement. Can you send me the summary tab of the access tracker when you try and login?

Authorization is successfull. But the admin_privileges parametr is not change. it is still the same as the local user role (test123).

Summary tab is attached.