Security

Reply
Contributor II
Posts: 58
Registered: ‎04-29-2014

no authentication source in service

Hello Everyone,

 

I have a service in my CPPM for mac based VLAN allocation. It is accepting requests from users connected to a specific switch and telling them which vlan they are depending on some attributes like 'OS Family', etc.

 

This was working perfectly a few weeks ago, but not anymore since I am trying to re-do some tests this morning. I installed the cumulative patch 2 yesterday.

 

The difference I can see when I compare the requests which were working and the ones wich not in access tracker is the 'Authentication Source'. It is now 'None' and was 'Local:Localhost' before.

Also, I don't have any authorization attributes anymore in the request despite the fact that the endpoint has been profiled.

 

Hope you can help me.

 

Thanks in advance,

 

- nice2k

Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: no authentication source in service

You need to add an authentication source to your service.  The Endpoints repository?  You also might want to open up a case to determine why the patch changed things.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 58
Registered: ‎04-29-2014

Re: no authentication source in service

Hello,

 

Thanks for your answer.

I already have the Endpoints Repository as an Authentication source. I also tried to recreate the service without success...

Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: no authentication source in service

Does the Access tracker say that it is still being handled by the same service?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 58
Registered: ‎04-29-2014

Re: no authentication source in service

Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: no authentication source in service

It looks like it is sending back the VLAN 13 enforcement profile.  What is in that enforcement profile?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 58
Registered: ‎04-29-2014

Re: no authentication source in service

Yes, it is an enforcement profile just to put the user in the vlan 13. I have one for each vlan and this one is the default profile.

 

My enforcement policy says : If this user is os OS Family, put it in the vlan 10.

It is putting the user in the vlan 13 because it's the default enforcement profile (he can't find the OS Family attribute, I don't see the authorization attributes anymore in the computed attributes) 

Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: no authentication source in service

Well,

 

Does an OS family exist for that endpoint in the Endpoints repository?  If the device does not exist or it does not have an OS family, that attribute will not show up or be keyed on.  If it is a new device and it has never sent DHCP information to CPPM, it would not be aware of the OS family, because it does not have that information.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 58
Registered: ‎04-29-2014

Re: no authentication source in service

Yes, the device has been profiled and has the attribute OS Family...

Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: no authentication source in service

Please open up a support case.  That is all that you are supposed to do.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: