Wireless Access

Reply

CPPM IF-MAP - 401 Error

Good afternoon,

 

I'm trying to setup CPPM IF-MAP for additional profiling to ClearPass, but having some issues with establishing the connection. In most of the controllers, the status shows "401 error". I have tried doing the IP and port 443, which I thought might be a problem, so I tried the IP and port 80 and that also failed. I tried the hostname, but don't have DNS servers configured on the controller, so getting can't resolve name. When I do IP:443 or DNS:443 in my browser, it gives the same error. Any ideas why this isn't establishing? Not sure if I should use a different port or not. I've setup the user account in ClearPass, so I know that's valid, but not even seeing the request. Controllers use CPPM for RADIUS auth, so I know they can communicate.

 

Controller is 6.4.4.16 and ClearPass is 6.6.5.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: CPPM IF-MAP - 401 Error

You have to use an FQDN with port 443.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: CPPM IF-MAP - 401 Error

I was able to add DNS servers to the controller, and setup the IF-MAP using FQDN of Clearpass on port 443, but still getting Error 401 Unauthorized. ClearPass, by default, is setup to redirect to a guest page if you use just the FQDN, could that be related? Should I set the main page back to the default?


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: CPPM IF-MAP - 401 Error

No, that doesn't matter.

Did you give the local admin account you created for IF-MAP API Administrator privileges?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: CPPM IF-MAP - 401 Error

I set it up as Super Administrator, does it need specifically API Admin?

 

I changed it to API Admin for testing, but I don't see any requests in Access Tracker or Event Viewer. I don't think it's even getting that far.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: CPPM IF-MAP - 401 Error

You won't see anything in access tracker or event viewer. API Administrator is not required, but it is not recommended to give it super admin.

Sounds like you have it configured correctly. I would open a TAC case.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: CPPM IF-MAP - 401 Error

Ok, I will do that and if it gets resolved, I'll update the thread.

 

Thanks.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com

Re: CPPM IF-MAP - 401 Error

Does the ClearPass account have to be in the Admin Users or can it be in the Local Users as long as the role of API Admin is set?


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: CPPM IF-MAP - 401 Error

It has to be in Admin Users

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: CPPM IF-MAP - 401 Error

That was it. I was under the impression that the local account needed to do a login to ClearPass, and our service has Local User Repository as the auth source. In fact, when you mentioned it didn't show up in Access Tracker or Event Viewer, that made me think maybe it needed to be with the default apiadmin account. Added it and connection was established successfully.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: