Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
  • 1.  tipsLogDb

    Posted May 02, 2016 09:20 AM

    Hi guys,

     

    I need to define a custom source (SQL). Is it possible to check what the custom query's output is on ClearPass? For example, what is the output of the following query:

    SELECT d.attr_value
    FROM tips_session_log_details d, tips_dashboard_summary s
    WHERE s.id = d.session_id
      AND s.user_name = '%{Authentication:Username}'
      AND s.source = 'RADIUS'
      AND s.timestamp > now() - interval '5 minutes'
      AND d.attr_name = 'Radius:Cisco:Cisco-AVPair'
      AND d.attr_value LIKE 'audit-session-id%'
    LIMIT 1;


  • 2.  RE: tipsLogDb
    Best Answer

    EMPLOYEE
    Posted May 02, 2016 09:22 AM
    You can use the appexternal account to connect to the postgres database and run queries/browse the tables. 
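
The shape of the result the query in the first post returns, as an added example that is not part of the original thread and is not ClearPass code. It runs offline against an in-memory SQLite stand-in: the two tables carry only the columns the query names, all rows are constructed, and the `ORDER BY` is an addition, since `LIMIT 1` on its own does not guarantee that the newest session is the one returned.

```python
import sqlite3

# Query from the first post, adapted for SQLite: now() - interval '5 minutes'
# becomes datetime('now', '-5 minutes') and %{Authentication:Username} becomes
# a bound parameter. ORDER BY is an addition, not part of the posted query.
QUERY = """
SELECT d.attr_value
FROM tips_session_log_details d, tips_dashboard_summary s
WHERE s.id = d.session_id
  AND s.user_name = ?
  AND s.source = 'RADIUS'
  AND s.timestamp > datetime('now', '-5 minutes')
  AND d.attr_name = 'Radius:Cisco:Cisco-AVPair'
  AND d.attr_value LIKE 'audit-session-id%'
ORDER BY s.timestamp DESC
LIMIT 1
"""

def build_sample_db():
    """In-memory stand-in holding only the columns the query names (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE tips_dashboard_summary (id, user_name, source, timestamp);
        CREATE TABLE tips_session_log_details (session_id, attr_name, attr_value);
    """)
    # Constructed sessions: (id, user, source, age in minutes)
    sessions = [("R-1", "alice", "RADIUS", 12),    # outside the 5-minute window
                ("R-2", "alice", "RADIUS", 3),
                ("R-3", "alice", "RADIUS", 1),     # newest RADIUS session
                ("W-1", "alice", "WEBAUTH", 1),    # wrong source, filtered out
                ("R-4", "bob", "RADIUS", 2)]
    for sid, user, source, age in sessions:
        db.execute("INSERT INTO tips_dashboard_summary VALUES (?, ?, ?, datetime('now', ?))",
                   (sid, user, source, f"-{age} minutes"))
        db.executemany("INSERT INTO tips_session_log_details VALUES (?, ?, ?)", [
            (sid, "Radius:Cisco:Cisco-AVPair", f"audit-session-id=sample-{sid}"),
            (sid, "Radius:Cisco:Cisco-AVPair", "constructed-key=other"),
            (sid, "Radius:IETF:Calling-Station-Id", "192.0.2.10")])
    return db

def audit_session_attr(db, username):
    """Return the single attr_value the query yields, or None if no row matches."""
    row = db.execute(QUERY, (username,)).fetchone()
    return row[0] if row else None
```

The query yields the whole attribute string (`audit-session-id=...`), not just the ID, and nothing at all when the user has no RADIUS session inside the five-minute window.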


  • 3.  RE: tipsLogDb

    Posted May 02, 2016 09:26 AM

    Thank you!



  • 4.  RE: tipsLogDb

    Posted Mar 04, 2017 05:26 AM

    Did this query work? It is for Cisco ASA VPN CoA; please let me know if you were able to make this work.

     

    Thank you.



  • 5.  RE: tipsLogDb

    Posted Mar 04, 2017 05:44 AM

    Hi,

     

    This question is out of date, because ClearPass can fetch the Radius:Cisco:Cisco-AVPair attributes from the RADIUS query as of ClearPass 6.6, as I remember. But keep in mind this solution can work only if the OnGuard Agent is in Authentication with health check status.

    I hope this helps.



  • 6.  RE: tipsLogDb

    Posted Mar 04, 2017 05:47 AM

    Thanks for responding. We are seeing the attributes in the RADIUS request but are not able to fetch them while doing CoA. Any idea how to do so? The mentioned query does not work.

     



  • 7.  RE: tipsLogDb

    EMPLOYEE
    Posted Mar 04, 2017 10:25 AM

    You need to:

    1. Ensure you are on ClearPass 6.6.0 or greater
    2. Change your ASA from CiscoASA to Cisco in the NAD definition
    3. Create a new CoA profile and add:
      Radius:Cisco	Cisco-AVPair	=	%{Radius:Cisco:Cisco-AVPair}

    Example: [screenshot: Screen Shot 2017-03-04 at 10.20.52 AM.png]



  • 8.  RE: tipsLogDb

    Posted Mar 04, 2017 10:32 AM
    Hi,

    Tried it, but without the service type field it didn't work when tested with us... TAC adjusted the custom audit session query and it worked fine after testing for 8 hrs :).

    With Cisco AVPair, will the health check service be able to fetch the session ID correctly?


    I will try to test with Cisco AVPair again and check if it works, since I might have missed something.

    Thanks a million