Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

UPN authentication with clearpass and active directory

  • 1.  UPN authentication with clearpass and active directory

    Posted Sep 24, 2014 09:18 AM

    I have Clearpass authenticating iPhones and Androids.  I need to pass the UPN authentication from Clearpass to Active Directory to have Clearpass make a decision.  Both phones authenticate via a certificate.

     

    My Android phones authenticate with the AD SAM username. EX ncci/ncdlt. The iPhones try to authenticate with the UPN. EX daniel_tominovich@ncci.com.  The Androids work and the iPhones do not.

    How do I get Clearpass to pass the UPN on to AD for authentication?



  • 2.  RE: UPN authentication with clearpass and active directory

    EMPLOYEE
    Posted Sep 24, 2014 09:20 AM
    Under the authentication tab (at the bottom), try stripping the domain using the "user:@" syntax.


  • 3.  RE: UPN authentication with clearpass and active directory

    Posted Sep 24, 2014 09:49 AM

    I tried that and it had no effect on the authentication.

    Thanks



  • 4.  RE: UPN authentication with clearpass and active directory
    Best Answer

    Posted Sep 24, 2014 01:16 PM

    Changing from this:

     

    (&(objectClass=user)(sAMAccountName=%{Authentication:Username}))


    to this:
    (|(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))(&(objectClass=user)(userPrincipalName=%{Authentication:Username})))

     

    was the fix.



  • 5.  RE: UPN authentication with clearpass and active directory

    Posted Sep 21, 2018 04:37 AM

    Hi!

     

    Many thanks for this authentication filter - still best choice for this scenario.

     

    I've added the AD badPWDCount to the filter so that Clearpass does not pass wrong credentials to AD after 4 tries:

     

    (&(|(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))(&(objectClass=user)(userPrincipalName=%{Authentication:Username})))(!(badPwdCount>=4)))

     

    With kind regards

    Manfred M.
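
The effect of the three filters quoted in posts 4 and 5, shown as an added example that is not part of the original thread and is not ClearPass or Active Directory code. It evaluates the filters against two constructed directory entries; the usernames, the `example.test` domain and the plain string substitution standing in for ClearPass's `%{Authentication:Username}` expansion are assumptions.

```python
import re

# Filters quoted from posts 4 and 5 of this thread.
SAM_ONLY = "(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))"
SAM_OR_UPN = ("(|(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))"
              "(&(objectClass=user)(userPrincipalName=%{Authentication:Username})))")
WITH_BADPWD = ("(&(|(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))"
               "(&(objectClass=user)(userPrincipalName=%{Authentication:Username})))"
               "(!(badPwdCount>=4)))")

# Constructed directory entries (not real accounts).
DIRECTORY = [
    {"objectClass": "user", "sAMAccountName": "jdoe",
     "userPrincipalName": "jane_doe@example.test", "badPwdCount": "0"},
    {"objectClass": "user", "sAMAccountName": "bsmith",
     "userPrincipalName": "bob_smith@example.test", "badPwdCount": "5"},
]

def parse(f, i=0):
    """Parse the RFC 4515 subset used above: &, |, !, '=' and '>='."""
    assert f[i] == "(", f"expected '(' at offset {i}"
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # skip the closing ')'
    end = f.index(")", i)
    attr, cmp_, value = re.fullmatch(r"([\w-]+)(>=|=)(.*)", f[i:end]).groups()
    return (cmp_, attr, value), end + 1

def matches(node, entry):
    op = node[0]
    if op == "&": return all(matches(k, entry) for k in node[1])
    if op == "|": return any(matches(k, entry) for k in node[1])
    if op == "!": return not matches(node[1][0], entry)
    have = entry.get(node[1])
    if have is None: return False  # simplification: comparison on an absent attribute is false
    if op == ">=": return int(have) >= int(node[2])
    return have.lower() == node[2].lower()  # these AD attributes compare case-insensitively

def search(template, username):
    """Substitute the username (stand-in for ClearPass's expansion) and search."""
    tree, _ = parse(template.replace("%{Authentication:Username}", username))
    return [e["sAMAccountName"] for e in DIRECTORY if matches(tree, e)]
```

Active Directory keeps badPwdCount per domain controller and does not replicate it, so the value the filter sees is the one held by the domain controller that answers the query.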



  • 6.  RE: UPN authentication with clearpass and active directory

    Posted Aug 14, 2020 01:41 PM

    Griaß di Manfred!

     

    Aged post but - thank you for sharing that filter combination.
    Saved me time

     



  • 7.  RE: UPN authentication with clearpass and active directory

    Posted Aug 10, 2022 05:32 AM
    Hello,

    I need help with OU. I add the:
    (&(objectClass=user)(sAMAccountName=%{Authentication:Username}))

    for username and it works great. Now I want to add OU for department name. Any help?

    Thank you


  • 8.  RE: UPN authentication with clearpass and active directory

    EMPLOYEE
    Posted Aug 10, 2022 07:55 AM
    You responded to an old discussion and your question is unrelated to the topic (OU and UPN are mutually exclusive).

    Please open a new post and explain what you want to achieve.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------