Security

Reply
Regular Contributor II
Posts: 222
Registered: ‎09-11-2013

Fetching guest accounts with API not working!

[ Edited ]

Hi Forum,

 

I have found in this forum how to fetch guest accounts from clearpass with an API call. It looks something like what's in the link:

https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-create-update-delete-ClearPass-Guest-Accounts-using-REST/ta-p/243745

 

I have done all the required steps for the API and found my authorization token for Bearer and have the authorization test call returning the correct privileges for my API guest operator (this is an API client with grant type=password). here are the step I have taken to accomplish that:

 

curl -X POST "https://clearpass.mydomain.com:443/api/oauth" \

-H "Content-Type: application/json" \

-d '{"grant_type": "password", "client_id": "apiclient", "client_secret": "DuvIvc....", "username": "testtest", "password": "aruba123"}' \

-m 30 \

-v \

-k

 

 

From that I got the authorization token and used it below to make sure I get back the correct API privileges access:

curl -X GET "https://clearpass.mydomain.com/api/oauth/privileges" \

-H "Accept: application/json" \

-H "Authorization: Bearer 3f8a2d......" \

-m 30 \

-v \

-k

 

So I took that code for Bearer and used the info in the link above to fetch my guest list like so:

curl  -X GET "https://clearpass.mydomain.com/api/guest/3066" \

     -H "Content-Type: application/json" \

     -H "Authorization: Bearer 3f8a2d...." \

           -m 30 \

            -v \

            -k

 

 

This last part is not working and I wounder if ClearPass 6.6.2(mine) has something that is differant from what's in the document??

 

 

Here is the error I get:

 

 

 

 

 

 

 

 

 

 

 

 

curl -X GET "https://clearpass.mydomain.com/api/guest/3066" \
>      -H "Content-Type: application/json" \
>      -H "Authorization: Bearer 3f8a2d......" \
>            -m 30 \
>             -v \
>             -k
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying 10.10.10.67...
* Connected to clearpass.mydomain.com (10.10.10.67) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate: clearpass.mydomain.com
> GET /api/guest/3066 HTTP/1.1
> Host: clearpass.mydomain.com
> User-Agent: curl/7.49.1
> Accept: */*
> Authorization: Bearer 3f8a2d......
>
< HTTP/1.1 404 Not Found
< Date: Fri, 21 Oct 2016 19:48:11 GMT
< Server: Apache
< Vary: X-Forwarded-For
< X-Powered-By: PHP/5.6.25
< Content-Length: 119
< Content-Type: application/problem+json
<
* Connection #0 to host clearpass.mydomain.com left intact
{"type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html","title":"Not Found","status":404,"detail":"Not found"}Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 1
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 2
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  -H/
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  -H
* Closing connection 3
curl: (6) Could not resolve host:  -H
Note: Unnecessary use of -X or --request, GET is already inferred.
* Could not resolve host: Content-Type
* Closing connection 4
curl: (6) Could not resolve host: Content-Type
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:   /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:   
* Closing connection 5
curl: (6) Could not resolve host:   
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 6
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 7
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 8
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 9
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 10
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 11
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  -m/
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  -m
* Closing connection 12
curl: (6) Could not resolve host:  -m
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to: 30/
* Trying 0.0.0.30...
* Immediate connect fail for 0.0.0.30: No route to host
* Closing connection 13
curl: (7) Could not resolve host:  -m
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 14
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 15
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 16
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 17
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 18
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 19
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 20
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 21
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 22
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 23
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 24
curl: (6) Could not resolve host:  
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to:  /
* IDN support not present, can't parse Unicode domains
* Could not resolve host:  
* Closing connection 25
curl: (6) Could not resolve host:  

 

Regular Contributor II
Posts: 222
Registered: ‎09-11-2013

Re: Fetching guest accounts with API not working!

Can someone confirm that the link to fetch the guest accounts should not end with 3066 like the doc mentions. It worked when I removed the 3066 but I still see the error that I noticed from before. It is fetching the guest accounts though!!!

Guru Elite
Posts: 8,053
Registered: ‎09-08-2010

Re: Fetching guest accounts with API not working!

The URL you were using was attempting to get guest account number 3066.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor II
Posts: 222
Registered: ‎09-11-2013

Re: Fetching guest accounts with API not working!

[ Edited ]

thanks Tim,

what about creating an account the document has this template:

curl -X POST "https://<ClearPass IP/hostname>/api/guest" \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer a6d2873200bee25768307c32ee22415ac8ad203a" \
     --data '{
  "enabled": true,
  "expire_time": "1438562410",
  "password": "Aruba@!23$",
  "role_id": 2,
  "username": "testaccount"
                }'\
            -m 30 \
            -v \
            -k

 

 

and mine looks like this(but it is not working with the error below):

curl -X POST "https://clearpass.mydomain.com:443/api/guest" \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer b6d3....." \
     --data '{"email": "testapi@api.com", "enabled": true, "expire_time": "1475805555", "password": "aruba123", "username": "testapi@api.com", "role_id": 2}'\
            -m 30 \
            -v \
            -k

 

 

 

error I get has this line:

{"validation_messages":{"role_id":{"error":"Required field"}},"type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html","title":"Unprocessable Entity","status":422,"detail":"User and device accounts must include the role_id property"}* Rebuilt URL to:  /

 

 

it looks like it is complaining about the role_id but as you can see I have it up there and I was able to create a guest account from the API explorer within clearpass itself.

Guru Elite
Posts: 8,053
Registered: ‎09-08-2010

Re: Fetching guest accounts with API not working!

Put the role ID value in quotes.

Sent from Nine<>

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor II
Posts: 222
Registered: ‎09-11-2013

Re: Fetching guest accounts with API not working!

I have tried but no luck. I just got it to work but I have no idea what I changed other than made my curl as one line instead of multiple lines. Like this:

 

 

curl -X POST "https://clearpass.mydomain.com/api/guest" -H "Content-Type: application/json" -H "Authorization: Bearer b6d3a...." -d '{"email": "api2@api.com", "enabled": true, "expire_time": "1479165108", "password": "aruba123", "username": "api2@api.com", "role_id": 2}' -m 30 -v -k

 

 

Tim,

can you tell why it worked when I changed it to one line instead of multiple lines?

Regular Contributor II
Posts: 222
Registered: ‎09-11-2013

Re: Fetching guest accounts with API not working!

Actually never mind. what you can't see is that I have a formatting issue when I use multiples lines (I just copied the template in the document). There should no be any space before and argument for the curl. the "-H", "-m", "-v" all should have no space at the beginning. I removed and it worked.

 

thanks for your input.

Search Airheads
Showing results for 
Search instead for 
Did you mean: