Security

Reply
New Contributor
Posts: 1
Registered: ‎04-01-2014

Error Code 209; No password in request; MAC authentication

Hi,

 

I am trying to configure MAC authentication with Juniper EX switch. But, I keep getting "No password in request" message in clearpass. Configuration on the switch is enabled for MAC RADIUS authentication.

 

Thanks.

Suresh

MVP
Posts: 561
Registered: ‎11-28-2011

Re: Error Code 209; No password in request; MAC authentication

For MAC auth, Clearpass normally expects the username to be in the request in the password field also.

 

If the Juniper switch isn't doing that, and you can't make it do it, you'll probably have to adjust your mac-auth policy or create another that doesn't look at the password field.

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
New Contributor
Posts: 1
Registered: ‎10-24-2013

Re: Error Code 209; No password in request; MAC authentication

Do I need to adjust the clearpass profile?
If you need to adjust if ClearPass, ClearPass should I support in any way ..?

MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: Error Code 209; No password in request; MAC authentication

for juniper i needed to add the MD5 authentication method instead of MAC auth (even with MAC auth configured on the juniper)

New Contributor
Posts: 2
Registered: ‎12-05-2013

Re: Error Code 209; No password in request; MAC authentication

Sorry to dig up an old thread everyone, but i'm also experiancing this issue exactly as described.

 

Other than enabling md5 as an authentication method, how can you configure ClearPass to not look at the password field? i've tried multiple combinations found on these forums but cannot seem to get this to work!

 

Thanks in advance!

Aruba
Posts: 1,520
Registered: ‎06-12-2012

Re: Error Code 209; No password in request; MAC authentication

If its juniper then I believe it is your only option. I did get this a while back but never had a chance to test.

 

"I ran into this with Juniper a year ago. Working with tech, came up with the attached Auth source (rename to XML file).

 

Don’t know what the “appuser” password is for connecting to SQL so you may have to change it."

 

See attached or create a file named : Juniper_MAC_AuthSource.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
  <TipsHeader exportTime="Wed Aug 15 15:22:55 CDT 2012" version="5.1"/>
  <AuthSources>
    <AuthSource description="Authenticate MAC addresses against local db" name="Juniper MAC Auth" isAuthorizationSource="true" type="Sql">
      <NVPair value="36000" name="cache_timeout"/>
      <NVPair value="tipsdb" name="db_name"/>
      <NVPair value="localhost" name="server"/>
      <NVPair value="appuser" name="login"/>
      <NVPair value="PostgreSQL" name="sql_driver"/>
      <NVPair value="" name="password"/>
      <NVPair value="10" name="timeout"/>
      <Filters>
        <Filter paramValues="" filterQuery="SELECT mac_address AS User_Password FROM tips_endpoints WHERE mac_address = LOWER('%{Connection:Client-Mac-Address-NoDelim}')
" filterName="Authentication"/>
        <Filter paramValues="" filterQuery="SELECT t1.status, (case when t2.device_family is NULL then False else True end) as is_profiled  FROM tips_endpoints t1 LEFT OUTER JOIN tips_endpoint_profiles t2 ON (t1.mac_address = t2.mac) WHERE t1.mac_address = LOWER('%{Connection:Client-Mac-Address-NoDelim}')" filterName="Status">
          <Attributes>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Status" attrName="status"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="IsProfiled" attrName="is_profiled"/>
          </Attributes>
        </Filter>
        <Filter paramValues="" filterQuery="SELECT t1.status, (case when t2.device_family is NULL then False else True end) as is_profiled  FROM tips_endpoints t1 LEFT OUTER JOIN tips_endpoint_profiles t2 ON (t1.mac_address = t2.mac) WHERE t1.mac_address = LOWER('%{Connection:Client-Mac-Address-NoDelim}')" filterName="Profile">
          <Attributes>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="MAC Vendor" attrName="mac_vendor"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Category" attrName="device_category"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="OS Family" attrName="device_family"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Device Name" attrName="device_name"/>
          </Attributes>
        </Filter>
      </Filters>
    </AuthSource>
  </AuthSources>
</TipsContents>

 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
New Contributor
Posts: 2
Registered: ‎12-05-2013

Re: Error Code 209; No password in request; MAC authentication

Thanks Troy, I'll give it a shot and let you know how it goes.

Super Contributor I
Posts: 293
Registered: ‎04-03-2014

Re: Error Code 209; No password in request; MAC authentication

Hi!

 

Did the above solve your issue? I´m having the exact same thing.

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: