Security

Reply
Super Contributor I
Posts: 303
Registered: ‎02-07-2013

clearpass regular expressions

Hi,

I've got a clearpass service that is used to authenticate our eduroam users against our AD service.

 

Amongst other things service selection is done by checking that radius:ietf:User-Name contains @york.ac.uk which is our standard eduroam realm.

 

AD authentication is set up to strip off the @york.ac.uk suffic and also , if present to remove our AD domain prefix (ITSYORK)

 

I thought that I could use match_regex specifying

 

@york\.ac\.uk$|^ITSYORK

 

to select the service based upon the User-Name  is but the above doesn't work. What should I be specifying?

 

Rgds

Alex

 

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: clearpass regular expressions

I usually just do

 

Authentication:Full Username             ENDS_WITH       @york.ac.uk

 

You don't want to allow DOMAIN\ on eduroam. It is not valid and users will not be able to connect at other universities.

 

Take a look here at how you can work around this:

 

http://community.arubanetworks.com/t5/Mobility-Hero-Tutorials/AD-Machine-Auth-Eduroam-ClearPass-Jan-2014/

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: