Occasional Contributor I
Posts: 5
Registered: ‎04-17-2015

I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170.

I have set up the device in CPPM with a shared key, and added the user into AD for the WSA.

When testing the authentication realm settings from the WSA I get a message stating that the shared secret is incorrect or the agent is unreachable. 

From the CPPM I get this in the request log details:

 INFO RadiusServer.Radius - LDAP/AD User lookup time = 1 ms
 INFO RadiusServer.Radius - rlm_auth_check: Auth-Type not set.
 ERROR RadiusServer.Radius - rlm_auth_check: Auth-Type not set or authentication methods have not been configured. Rejecting it.

I have a policy set to give read only access should a user match the distinguished name, but it is stating that there is no auth type set.

Guru Elite
Posts: 21,253
Registered: ‎03-29-2007

Re: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170

Does the authentication from the IronPort use PAP, MSCHAP, etc., and are those authentication methods enabled in the service?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 5
Registered: ‎04-17-2015

Re: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170

The IronPort is using PAP.

But I have PAP, CHAP, MSCHAP, and EAP MSCHAP v2 enabled in the CPPM service.

Guru Elite
Posts: 21,253
Registered: ‎03-29-2007

Re: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170

What kind of server do you have defined and added to your service, an LDAP server? If you are only doing PAP, you only need an LDAP server defined.



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 5
Registered: ‎04-17-2015

Re: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170

Not sure what you mean here. 

It is referencing from an Active Directory server for user authentication. I was able to get it set up to log in as my AD account for Admin access, but the IronPort WSA cannot.

Occasional Contributor I
Posts: 5
Registered: ‎04-17-2015

Re: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170

Whoa, OK. I thought it was PAP, but as it turns out the authentication is the NTLM protocol. I don't see that as a method for authentication in CPPM.

Occasional Contributor I
Posts: 5
Registered: ‎04-17-2015

Re: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170

Has anyone had this issue, or tried to get the CPPM to work with a Cisco WSA before? Is this even possible to do?

MVP
Posts: 1,414
Registered: ‎11-30-2011

Re: I am trying to use the ClearPass Policy Manager as a RADIUS server for a Cisco WSA IronPort S170

You should check if it supports RADIUS or TACACS+ as an authentication server; then the CPPM can play a role. If it is just LDAP, AD, NTLM, you probably will have to interface with Windows AD directly.

 

From a thread like this I would assume it is possible; it even shows a screenshot where:

https://supportforums.cisco.com/discussion/11966116/ironport-s170-and-microsoft-radius
