Security

Hello,

im currently doing an integration for Clearpass and Palo Alto. Clearpass has successfully send data to Palo, but in order to create specific policy per user, the Palo team said that they need the username on the tags sent to Palo. This is what we currently got:

Is there any way to include username in the tags? We didn't find any way to send the username using the enforcement profile.

Thank you!

------------------------------
AA
------------------------------

Hi Aria_A,

Your configuration from the ClearPass looks fine to me. Have you enable Radius Interim Accounting on the Mobility Master/Controller? This can be located under Authentication > AAA > SSIDNAME_aaa_prof. Also make sure the RADIUS accounting server group is enabled to the same SSIDNAME_dot1_svg



Original Message:
Sent: Apr 14, 2021 04:45 AM
From: Aria adhiguna
Subject: Clearpass - Palo Alto Username TA

Hello,

im currently doing an integration for Clearpass and Palo Alto. Clearpass has successfully send data to Palo, but in order to create specific policy per user, the Palo team said that they need the username on the tags sent to Palo. This is what we currently got:

Is there any way to include username in the tags? We didn't find any way to send the username using the enforcement profile.

Thank you!

------------------------------
AA
------------------------------

Yes i believe we have turned on that option.
We are able to send role name and device type to clearpass as Tags, but we havent found any way to send username as Tag too.

------------------------------
AA
------------------------------

Original Message:
Sent: Apr 15, 2021 10:07 AM
From: Pablo Almanza
Subject: Clearpass - Palo Alto Username TA

Hi Aria_A,

Your configuration from the ClearPass looks fine to me. Have you enable Radius Interim Accounting on the Mobility Master/Controller? This can be located under Authentication > AAA > SSIDNAME_aaa_prof. Also make sure the RADIUS accounting server group is enabled to the same SSIDNAME_dot1_svg

Original Message:
Sent: Apr 14, 2021 04:45 AM
From: Aria adhiguna
Subject: Clearpass - Palo Alto Username TA

Hello,

im currently doing an integration for Clearpass and Palo Alto. Clearpass has successfully send data to Palo, but in order to create specific policy per user, the Palo team said that they need the username on the tags sent to Palo. This is what we currently got:

Is there any way to include username in the tags? We didn't find any way to send the username using the enforcement profile.

Thank you!

------------------------------
AA
------------------------------

Hi Aria_A. 
Did you find an answer to this?
What authentication method are your clients using? (i.e. EAP-PEAP, EAP-TLS, etc)
Original Message:
Sent: Apr 15, 2021 10:04 PM
From: Aria adhiguna
Subject: Clearpass - Palo Alto Username TA

Yes i believe we have turned on that option.
We are able to send role name and device type to clearpass as Tags, but we havent found any way to send username as Tag too.

------------------------------
AA

Original Message:
Sent: Apr 15, 2021 10:07 AM
From: Pablo Almanza
Subject: Clearpass - Palo Alto Username TA

Hi Aria_A,

Your configuration from the ClearPass looks fine to me. Have you enable Radius Interim Accounting on the Mobility Master/Controller? This can be located under Authentication > AAA > SSIDNAME_aaa_prof. Also make sure the RADIUS accounting server group is enabled to the same SSIDNAME_dot1_svg

Original Message:
Sent: Apr 14, 2021 04:45 AM
From: Aria adhiguna
Subject: Clearpass - Palo Alto Username TA

Hello,

im currently doing an integration for Clearpass and Palo Alto. Clearpass has successfully send data to Palo, but in order to create specific policy per user, the Palo team said that they need the username on the tags sent to Palo. This is what we currently got:

Is there any way to include username in the tags? We didn't find any way to send the username using the enforcement profile.

Thank you!

------------------------------
AA
------------------------------