01-23-2015 04:42 PM - edited 01-24-2015 08:13 AM
This tutorial is like the next part of this one created by Aruba.
I noticed that with this you were able to access the CPPM console, but this didn't work for accessing other consoles like Guest and Insight with Active Directory credentials.
So let's start.
After you are done with the tutorial above, you will see that the Active Directory credentials don't work for the other consoles.
To make it work you have to do the following:
You need to build a Role Mapping, which you should have already created with the tutorial above, but I'll repeat that part:
Here the type is Authorization with AD, and the name is member of (which is the Active Directory group that contains the users who are allowed in this console). In this example I just put Domain Admins (so any user in Domain Admins gets access to these consoles).
For the Role Name, use [TACACS Super Admin].
On the Policy tab you can put [Guest], so that if the login fails it assigns this random default role and won't let the user in.
Now you create an enforcement profile.
You have to build a new profile in which the attribute name is admin_privileges, and for the attribute value you can put anything, GuestAdmin for example. This attribute value MUST match exactly what we will configure on the Guest console, so pay attention to what you put in there.
Now let's build the enforcement policy.
We create a new one and configure it like this:
For the default profile, select something like Deny Application Access, so the user won't have access if authentication fails.
Let's go to Rules.
Put it exactly like this, and for the profile name select the profile you created before (in my case it's copy of operators login admin users).
Now with that info let's build the service.
You can copy [Guest Operator Logins], which is the service that authenticates those consoles by default.
You can copy it and edit it, which is what I did (you can also rename it to whatever name you want).
As you see, I highlighted the service you can copy, and above it is the copied service I used.
Let's go inside the service:
The first thing you need to do is add Insight, as you see in this image (you will only see Guest).
Let's go to the Authentication tab.
We select Active Directory, which you should have previously configured in your ClearPass.
Now let's go to the Roles tab.
Here, for the role mapping, we select the one we created above.
Now let's go to the Enforcement tab.
Now select the enforcement profile we configured before.
And that's it, you are done here. Save it!
Now the order!
As you see here, I have the copy of [Guest Operator Logins], which is the one I created, placed before [Guest Operator Logins], which is the default one that comes with Policy Manager.
Now let's go to the Guest console for part 2!
Let's go to Translation Rules.
And we create a new rule.
For the attribute, put what we had in CPPM: admin_privileges equals GuestAdmin (remember, here it must match! If it doesn't, it won't work... I mean, if you put even one letter different it won't work).
This rule is the one we use so that the ClearPass Guest console understands that it must use the AD credentials.
On match, put Assign Fixed operator profile.
Select IT Administrator so the user has all the access.
Save it and you are done!
Now you have all the consoles with AD authentication, and not just the Policy Manager :)
Product Manager - Aruba Networks