Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

TACACS Role Mapping using Authorization Attributes From AD

  • 1.  TACACS Role Mapping using Authorization Attributes From AD

    Posted Mar 16, 2018 07:15 PM

    First off, I am new to using CPPM as a TACACS server but have been using it for RADIUS for a little while.

     

    I am trying to use Authorization Attributes from Active Directory to map roles and then use those tips roles to enforce different profiles. I am already doing this on the RADIUS side to push down wireless roles to controllers. Now I'm trying my hand at TACACS.

     

    I have read a handful of blog posts, watched videos, and used ASE templates, but for some reason Authorization Attributes never shows up in the Request tab in the log. If I reference AD Authorization Attributes in the Enforcement Policy, magically it shows in the log, but still has no effect on the Role Mapping.

     

    I have looked through my AD server in Authentication Sources and I have "Used for Authorization" checked (all this is working for RADIUS).

     

    I'm at a loss and thought I would start here before TAC.


  • 2.  RE: TACACS Role Mapping using Authorization Attributes From AD

    EMPLOYEE
    Posted Mar 16, 2018 11:27 PM
    Could you share the TACACS service configuration here? Screen captures will do.


  • 3.  RE: TACACS Role Mapping using Authorization Attributes From AD
    Best Answer

    Posted Mar 19, 2018 08:32 AM

    They won't show up in Access Tracker if you're not addressing/using them in some way. So define a Role Mapping to your Service where you pick up on type "Authorization:MYAD:memberof", do a TACACS auth from your device and you should see all the available attributes in your Access Tracker entry.