Security

Reply
Occasional Contributor I

Junos Space integration issues with ClearPass Policy Manager

So I'm working on just getting basic radius authentication working with Juniper's Junos Space product, where it has 3 protocol choices, PAP, CHAP, and MS-CHAPv2.  I've pointed the box at ClearPass for authentication and Space indicates that is has a valid connection, but when I try to authenticate (using either local or AD accounts), I get errors.

 

If I'm using PAP or MS-CHAPv2, the error is "Cannot select appropriate authentication method" (the logs state "ERROR RadiusServer.Radius - rlm_auth_check: Auth-Type not set or authentication methods have not been configured. Rejecting it."), and if I'm using CHAP, the error is "CHAP: Clear text password not available"

 

Is the above an indication that Junos Space may not be passing the "Auth-Type" field in it's radius request?

 

I'm working with Juniper to get a copy of the raw radius request to look into what's going on but are there any thoughts on the Aruba side on what's going on here?

Guru Elite

Re: Junos Space integration issues with ClearPass Policy Manager

The first message means that in your service, your service rules are too specific, or do not match your authentication, so your authentication request is classified incorrectly.  What are the service rules under the service tab for your service?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite

Re: Junos Space integration issues with ClearPass Policy Manager

This is all we needed to get it working. NAS-ID is the server name.

 

junos-space-1.PNG

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Junos Space integration issues with ClearPass Policy Manager

I added the NAS-ID's and double checked them against the radius request, still having the same issue.

Occasional Contributor I

Re: Junos Space integration issues with ClearPass Policy Manager

I figured out what the issue was.  I had the authentication protocol set as "EAP MSCHAPv2" and Junos Space can't handle the EAP encapsulation.  I noticed on cappalli's post that he was using MSCHAP as the auth protocol and enabled that protocol, and it then proceeded to work.

 

Thanks

Occasional Contributor II

Re: Junos Space integration issues with ClearPass Policy Manager

Hi,

Can you please share the complete service configuration of Clearpass for Junos space RADIUS authentication. we are planning to use Clearpass as a RADIUS server for Junos space where ClearPass authentication source as our active directory. we have created remote profiles in Junos space and did not know how to create the service in CPPM for this requirement. Can you please help me on this.

 

Thanks,

Yugandhar.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: