Security

Reply
Contributor II
Posts: 41
Registered: ‎12-01-2015

False Role on Clearpass

Hi !

 

I have install clearpass and integrated with AD.

 

I have 3 group IT, Finance, and block.

When i connect with user of IT Group i got IT Role

When i Connect with user of Finance Group I got Finance Role

And When i connect with user of Block Group or other i have to Deny, but Right now i got Finance Role,

 

I configure the Services like bellow :

Screenshot (46).png

 

Kindly need your help

 

Thank you in advance

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: False Role on Clearpass

Can you take a snapshot of access tracker and your role mapping

Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II
Posts: 41
Registered: ‎12-01-2015

Re: False Role on Clearpass

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: False Role on Clearpass

Change rule #2 to be an AND

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 41
Registered: ‎12-01-2015

Re: False Role on Clearpass

Screenshot (50).pngScreenshot (51).png

i was change it, but Right now Group IT Can't Connect

 

Group Finance connected

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: False Role on Clearpass

What does the alerts tab show?



Also, I would just remove the UserDN EXISTS rule. It doesn't add anything.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: False Role on Clearpass

The role mapping rule evaluation change it to "all matches" instead "first applicable"
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: