Security

Reply
Super Contributor I
Posts: 303
Registered: ‎02-07-2013

Why is this service being selected?

Hi,

quick question. I've got a  machine auth service that should auth machines in our AD tree. The selection  component is

 

Machine-auth-service.png

So the service should only be selected when the User-Name= host/....its.york.ac.uk and some other stuff

 

What I see is

 

machine-auth reject.png

Where I get a reject passed back  ... but the username is ITSYORK\hhm501. The service shouldn't even have been selected.

The Access-Request packet shows

 

machine-auth access-request.png

 

Running 6.5.4

 

I would have expected to have seen an unable to categorise request

 

Rgds

Alex

 

 

Guru Elite
Posts: 8,641
Registered: ‎09-08-2010

Re: Why is this service being selected?

Try changing username to "Full-Username"



Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 520
Registered: ‎05-11-2011

Re: Why is this service being selected?

There is no Full-Username in Radius:IETF. It is in the Authentication:Full-Username, but I don't think that is accessible during the service categorization phase.

 

It definately looks like it just disregards that test for some reason.. Can't tell you why tho alexsuoy :(


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Super Contributor I
Posts: 303
Registered: ‎02-07-2013

Re: Why is this service being selected?

hi,

Yuo found that there wasn't a Full-Username. Tried using the Authentication:Full-Username setting, seemed to have worked... well at least I haven't seen the error I saw yesterday yet.

A

Search Airheads
Showing results for 
Search instead for 
Did you mean: