Security

Reply
Occasional Contributor II
Posts: 28
Registered: ‎07-22-2015

Configuring management authentication for ClearPass against AD

Hello Guys, 

 

I am configuring a new service on CPPM so that AD users can manage the ClearPass using their accounts. There is already a service configured with TACAS+ enforcement but the authentication source its using is local database. I have tried adding new autthentciation source "AD" but get the error that its nit editable. I have also tried creating the new service, by follwoing the link below: 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-Configure-management-authentication-for-ClearPass-against/ta-p/187296

 

But when i try to save it, I am getting the error " Authorization is enabled but no authorization sources are configured"

 

I would appreciate any help, if anyone have dealt with this issue before. Thanks 

 

Kind Regards, 

 

Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: Configuring management authentication for ClearPass against AD

Uncheck the authorization check box on the first tab of the service.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 28
Registered: ‎07-22-2015

Re: Configuring management authentication for ClearPass against AD

Hi Cappalli, 

 

Thanks for your reply. yepp, unchecked the authorization check box it created the service but for this service to work does it have to be before the old service which we were using to login? The authentication source for old service was local dataabase.

 

Does the oder of the service matter? 

 

During the logon using the AD account, in the username box do we have to give the AD name\ and then account name? 

 

I am still unable to login to CPPM using AD account and in the oder first service is using local database as its authentcation source and AD service is 2 nd on the list. 

 

Hope this make sense, plz let me know if you havee any queries. 

 

Thanks 

 

Thanks 

Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: Configuring management authentication for ClearPass against AD

Yes, the new service would have to be higher in the list.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 28
Registered: ‎07-22-2015

Re: Configuring management authentication for ClearPass against AD

Hi, 

 

Thanks for your quick reply, moved the new service to the top of the list but still unable to login using the AD account. Anything else which you can suggest to check? 

 

Thanks

Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: Configuring management authentication for ClearPass against AD

What is access tracker showing?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 28
Registered: ‎07-22-2015

Re: Configuring management authentication for ClearPass against AD

Hi, 

 

Just checked the access tracker, Its showing that thr request has been rejected. I have checked the alert and it states "Authentication Priviliege level mismatch"

 

Thanks 

 

 

Occasional Contributor II
Posts: 28
Registered: ‎07-22-2015

Re: Configuring management authentication for ClearPass against AD

Hi, 

 

Thanks for your all your help..magage to solve this issue. Do you know if its possible to authentciate Aurba controller and Air wave server managment against the AD? 

 

Thanks Agin :)

Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: Configuring management authentication for ClearPass against AD

Yes, both can use the same TACACS+ service, you just need to add additional
enforcement profiles to return the controller and AirWave management roles.
You can also split them out into a separate TACACS+ service if desired.



http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-authe
nticate-Management-users-of-Aruba-Controllers-via/ta-p/187358

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 28
Registered: ‎07-22-2015

Re: Configuring management authentication for ClearPass against AD

Thanks, will do this later and will let you know how it goes!

 

Kind Regards, 

Search Airheads
Showing results for 
Search instead for 
Did you mean: