Security

Reply
MVP
Posts: 2,992
Registered: ‎10-25-2011

Clearpass roles

Hello i was trying to set up in clearpass that it assign a role i want on the controller

I already got on the dropdown on the clearpass guest all the roles i want

So i create a new guest user and i assign it a role

That role got a number like

the 3 default ones

Contractor 

guest =2

employee =3

Andi added a new one

3MB = 5

 

So i create the service i need  for that

Depending on which roles it get he will get the enforment profiles that i want.

Anyways

Clearpass.PNG|As you see im getting the roles 3MB that i know that it should be there because when i created the account i selected that role so its sending that role.  What i dont understand is why its assigning [Guest] and [user authenticated] role, where he is getting those roles?  this do affect  the evaluation of which enforment profile use( for example it was assigning a enforment profile that sue [guest]  so at the end i had to move the enforment profile that use [3MB] before that one(what im doing is working, but i want to understand where im getting that [guest] role??

it is assigned by default? and i ll always get it? or how can i see why he is getting that role?

i dont use too much clearpass so im kind of  lost here.

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: Clearpass roles

[User Authenticated] is an internal tag given to requests that pass a user authentication.

 

Can you provide a screenshot of your role map and and enforcement policy?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 2,992
Registered: ‎10-25-2011

Re: Clearpass roles

sure Here they are

rolemapping.PNG

enforment policy.PNG

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: Clearpass roles

Your config looks correct. Were you testing both sets back to back? The role
could have just been cached.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 2,992
Registered: ‎10-25-2011

Re: Clearpass roles

I had it like this before

enforment policy before.PNGIf you see the tips equials guest was first, so  i was getting the device with guest role instead of 3MB role...

Like you saw in the access tracker i showed you as it was getting the guest, 3mb roles, he was assigning the wrong enforment profile...

But what i dont understand is why he is putting the [Guest] role in first place.

user.PNGThe only role he should get is the 3mb role as its the one i already picked wheni created the user. or at least that what i though, but when i saw the access tracker i saw that he was assigning also the [Guest] role..

 

Do you know why he is doing that?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: