Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM Blacklist username

  • 1.  CPPM Blacklist username

    Posted Mar 22, 2021 11:17 AM
    I am currently working on a CPPM service for blacklisted usernames. I want to assign a deny role in the Role mapping profile, but I don't know how to filter out a blacklisted username's authentication. It is not like an IP or MAC, which I could add to a static host list and then assign a deny role by belongs_to_group.

    Could anyone share an alternative method to deny a blacklisted username's authentication?

    ------------------------------
    Shu Ming Tsang
    ------------------------------


  • 2.  RE: CPPM Blacklist username

    MVP GURU
    Posted Mar 22, 2021 12:11 PM
    Hi,

    What is the source of authentication?

    If it is AD, you can add a block AD group and make a rule if the user is a member of this group.

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 3.  RE: CPPM Blacklist username

    Posted Mar 22, 2021 09:35 PM
    dot1x auth and the source is AD. Just wanna know any method to do it on the CPPM side rather than on the AD side.

    ------------------------------
    Shu Ming Tsang
    ------------------------------



  • 4.  RE: CPPM Blacklist username

    MVP GURU
    Posted Mar 23, 2021 05:13 AM
    There is no easy solution, I think...

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 5.  RE: CPPM Blacklist username

    EMPLOYEE
    Posted Mar 23, 2021 05:30 AM
    What should work is adding the username in the Local Users or Guest Users database with a Role (Local Users) or Attribute, then add that database as an authorization source to your service. In role-mapping (or Enforcement) you can query the Local/Guest Users if the username is there and subject to being denied.

    Have not tested, but this should work.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------