Occasional Contributor II
Posts: 11
Registered: ‎06-14-2016

Role Mapping not catching a user who is memberOf a group

CN=GLB-xxxxxx shows up under their authorization in the failure message and that's what we key off of. Only difference between this user and me is that in the authorization on the logs the group shows up under Group and memberOf.

Have tried keying his off memberOf or Group and it does not matter, he just does not match.

Rule is Authsource-AD, memberOf, equals, GLB-xxxxxx

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Role Mapping not catching a user who is memberOf a group

Are they in a nested group?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 11
Registered: ‎06-14-2016

Re: Role Mapping not catching a user who is memberOf a group

Is there an easy way to tell from the ClearPass auth failure message under auth attribs?

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Role Mapping not catching a user who is memberOf a group

You'd want to look in AD.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 21,512
Registered: ‎03-29-2007

Re: Role Mapping not catching a user who is memberOf a group


Bruha wrote:

CN=GLB-xxxxxx shows up under their authorization in the failure message and that's what we key off of. Only difference between this user and me is that in the authorization on the logs the group shows up under Group and memberOf.

Have tried keying his off memberOf or Group and it does not matter, he just does not match.

Rule is Authsource-AD, memberOf, equals, GLB-xxxxxx


The MemberOf attribute is a string. Please use contains instead of equals to attempt to match any part of that string.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
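
An added illustration of the equals-versus-contains point in the answer above (not from the thread and not ClearPass code): a small Python model of the two operators run against a constructed memberOf string. The OU/DC components, the "; " separator, the second group and the look-alike group name are all assumptions made up for the example; it also shows that a bare substring match accepts any group whose name merely starts with the same text, and that including the "CN=" prefix and trailing comma in the operand bounds the match.

```python
import re

# Constructed sample values, not real log output. Assumption: the attribute
# arrives as one string holding full distinguished names.
MEMBER_OF = ("CN=GLB-xxxxxx,OU=Groups,DC=example,DC=com; "
             "CN=Domain Users,CN=Users,DC=example,DC=com")
# Hypothetical group whose name merely begins with the same text.
LOOKALIKE = "CN=GLB-xxxxxx-contractors,OU=Groups,DC=example,DC=com"


def rule_equals(value, operand):
    """EQUALS: the whole attribute string must be identical to the operand."""
    return value == operand


def rule_contains(value, operand):
    """CONTAINS: the operand may appear anywhere inside the attribute string."""
    return operand in value


def group_cns(value):
    """Leading CN of each DN in the string (simple DNs, no escaped commas)."""
    return re.findall(r"(?:^|;\s*)CN=([^,;]+)", value, flags=re.IGNORECASE)


def report():
    """Evaluate each rule variant against both sample strings."""
    rows = []
    for label, value in (("member", MEMBER_OF), ("lookalike", LOOKALIKE)):
        rows.append((label, "equals GLB-xxxxxx",
                     rule_equals(value, "GLB-xxxxxx")))
        rows.append((label, "contains GLB-xxxxxx",
                     rule_contains(value, "GLB-xxxxxx")))
        rows.append((label, "contains CN=GLB-xxxxxx,",
                     rule_contains(value, "CN=GLB-xxxxxx,")))
        rows.append((label, "exact CN match",
                     "GLB-xxxxxx" in group_cns(value)))
    return rows


if __name__ == "__main__":
    for label, rule, matched in report():
        print(f"{label:10} {rule:26} -> {matched}")
```
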

Occasional Contributor II
Posts: 11
Registered: ‎06-14-2016

Re: Role Mapping not catching a user who is memberOf a group

Thanks, I've been beating my head against this for a while. I did not even consider that a possibility.

Guru Elite
Posts: 21,512
Registered: ‎03-29-2007

Re: Role Mapping not catching a user who is memberOf a group

I'd wear a helmet, if I were you ;)



Colin Joseph
Aruba Customer Engineering
