Security

last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Junos Space integration issues with ClearPass Policy Manager

This thread has been viewed 0 times

  • 1.  Junos Space integration issues with ClearPass Policy Manager

    Posted May 08, 2015 02:49 PM

    So I'm working on just getting basic radius authentication working with Juniper's Junos Space product, where it has 3 protocol choices, PAP, CHAP, and MS-CHAPv2.  I've pointed the box at ClearPass for authentication and Space indicates that is has a valid connection, but when I try to authenticate (using either local or AD accounts), I get errors.

     

    If I'm using PAP or MS-CHAPv2, the error is "Cannot select appropriate authentication method" (the logs state "ERROR RadiusServer.Radius - rlm_auth_check: Auth-Type not set or authentication methods have not been configured. Rejecting it."), and if I'm using CHAP, the error is "CHAP: Clear text password not available"

     

    Is the above an indication that Junos Space may not be passing the "Auth-Type" field in it's radius request?

     

    I'm working with Juniper to get a copy of the raw radius request to look into what's going on but are there any thoughts on the Aruba side on what's going on here?



  • 2.  RE: Junos Space integration issues with ClearPass Policy Manager

    EMPLOYEE
    Posted May 08, 2015 02:53 PM

    This is all we needed to get it working. NAS-ID is the server name.

     

    junos-space-1.PNG

     



  • 3.  RE: Junos Space integration issues with ClearPass Policy Manager

    Posted May 08, 2015 03:06 PM

    I added the NAS-ID's and double checked them against the radius request, still having the same issue.



  • 4.  RE: Junos Space integration issues with ClearPass Policy Manager
    Best Answer

    Posted May 08, 2015 03:16 PM

    I figured out what the issue was.  I had the authentication protocol set as "EAP MSCHAPv2" and Junos Space can't handle the EAP encapsulation.  I noticed on cappalli's post that he was using MSCHAP as the auth protocol and enabled that protocol, and it then proceeded to work.

     

    Thanks



  • 5.  RE: Junos Space integration issues with ClearPass Policy Manager

    Posted Sep 06, 2017 03:40 AM

    Hi,

    Can you please share the complete service configuration of Clearpass for Junos space RADIUS authentication. we are planning to use Clearpass as a RADIUS server for Junos space where ClearPass authentication source as our active directory. we have created remote profiles in Junos space and did not know how to create the service in CPPM for this requirement. Can you please help me on this.

     

    Thanks,

    Yugandhar.



  • 6.  RE: Junos Space integration issues with ClearPass Policy Manager

    EMPLOYEE
    Posted May 08, 2015 02:53 PM

    The first message means that in your service, your service rules are too specific, or do not match your authentication, so your authentication request is classified incorrectly.  What are the service rules under the service tab for your service?