Security

Reply
Contributor I
Posts: 50
Registered: ‎06-15-2010

Clearpass - Strip Username Rule Challenge

Airheads,

 

I've ran into an issue when I strip the domain if the users enter their full e-mail address in the authentication form in a captive portal. I'm using the "user:@" strip rule which works fine for AD authentication source but the full e-mail username is needed for Clearpass guest auth source accounts. With this strip rule active users can't login with guest accounts. I don't have the luxury of disabling the rule since some AD users still use their full e-mail to authenticate at times.

 

Anyone have any ideas of how to solve this challenge? I thought that I could possibly use @ouraddomain as separator for AD users but that does not appear to be allowed.

 

Thanks,

Peter

 

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Clearpass - Strip Username Rule Challenge

I have run into this and solved it by using a separate employee web login page with two different services. You can key off the page name in the service rules.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: