Security

Reply
Occasional Contributor II
Posts: 19
Registered: ‎03-20-2013

Unable to login to CP Guest with Operator account

I am unable to login to CP Guest with an operator account.  Fails with incorrect username or password error.

The operator account is not LDAP.


  1. clearpass-operator.JPG

Any help/suggestions would be recommended, or if anyone has any specific examples of the Mapping Rules for an operator login, I would be grateful.

Thanks.

Guru Elite
Posts: 8,795
Registered: ‎09-08-2010

Re: Unable to login to CP Guest with Operator account

[ Edited ]

Did you create a TACACS enforcement profile that returns the role name to ClearPass guest?

 

engineering-profile.PNG


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 19
Registered: ‎03-20-2013

Re: Unable to login to CP Guest with Operator account

[ Edited ]

Hi,

 

I didn't have any Enforcement Profiles set.

I have tried the TACACS template you have suggested; but this is still failing - under the Enforcement Profile options for Service Attributesthere is no Engineering profile listed - just Super Admin downto API Admin (don;t know if that indicates anything in particular that is wrong).

 

I've tried applying the default Receptionist role to the user that I created - to try and isolate what is not working; and this still failsw ith same error.

 

 

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: Unable to login to CP Guest with Operator account

What is the error you are getting?
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 19
Registered: ‎03-20-2013

Re: Unable to login to CP Guest with Operator account

Hi,

 

The process that I am trying to follow to login to Clearpass Guest is to connect to https://<ip address>/tips/welcome.action

This then presents me with CPPM, CP Guest, CP OnB+W and CP Insight.

If I select the CP Guest option and try to login using the OPERATOR LOGIN form, I get Invalid Username or Password

 

 

clearpass-loginerror.JPG

 

I have now realised that I have the same problem with the admin account on Clearpass.

If I login to CPPM as admin and then launch CPG I do not get prompted for a username\password and get logged in - I have been doing this without error (through sheer luck).

If I try and launch CPG from the welcome.action form (and not login to CPPM first) I get the same problem as with the operator accounts I have tried to setup.

 

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: Unable to login to CP Guest with Operator account

Is there an error in access tracker when you try to log in?
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 19
Registered: ‎03-20-2013

Re: Unable to login to CP Guest with Operator account

Yep, there is an entry in Access Tracker log

 

Error Code:          204

Error Category:   Authentication failure

Error Message:  Failed to classify request to service

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: Unable to login to CP Guest with Operator account

It means that you either don't have a service defined or it's been disabled or deleted.

There should be one in there by default for guest operator.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 19
Registered: ‎03-20-2013

Re: Unable to login to CP Guest with Operator account

All problems, for Operator and admin have been resolved.

Navigated to CPPM > Configuration > Services and then need to enable both (not one) of the following:

Policy Manager Admin Network Login Service           Type=TACACS

Guest Operator Logins                                                   Type=Application

 

Many thanks for all input into investigating this problem.

Search Airheads
Showing results for 
Search instead for 
Did you mean: