Short update regarding the PoC im demonstrating, Based on the info
@Asela and @timms sent my in the previous threads , I was able to Connect users and verify and auth their account on google via cppm onboard (Than they got CERT + Profile) , And created the OnBoard process on iOS and PC , But when the profile is being tried to being pushed the the client device (MAC to WINDOWS) im getting strange errors:
Anyone can please advise , what might be the cause of such an errors , and how to overcome them - it's the last stage before i will finish the PoC and the client will be the CPPM as an added value for his current Aruba deployment.
Thanks in advance to who that might assist me with some tips / guide, walktrough to solve these errors.
BTW: Attached error log of Windows (PC) User:
Client Log
==========
2021-07-08 14:15:16,508 [main] DEBUG Quick1X.QuickConnectDlg - Starting configuration.
2021-07-08 14:15:16,508 [main] DEBUG changelog - Starting configuration for secure network connections.
2021-07-08 14:15:16,508 [main] DEBUG Quick1X.Util - Attempting operating system detection.
2021-07-08 14:15:16,508 [main] DEBUG Quick1X.Util - running Windows Enterprise Version
2021-07-08 14:15:16,509 [main] DEBUG Quick1X.Util - Detected operating system higher than Windows XP
2021-07-08 14:15:16,509 [main] DEBUG Quick1X.WlanApi - Initializing wlan api.
2021-07-08 14:15:16,509 [main] DEBUG Quick1X.Config - Initing configuration.
2021-07-08 14:15:16,509 [main] DEBUG Quick1X.Config - QuickConnect Mode isonboard
2021-07-08 14:15:17,229 [main] DEBUG Quick1X.QuickConnectDlg - Calling javascript method : updateWorkingDirectory
2021-07-08 14:15:19,730 [main] DEBUG Quick1X.QuickConnectDlg - Calling javascript method : updateQcMode
2021-07-08 14:15:19,756 [main] DEBUG Quick1X.QuickConnectDlg - Processing configure
2021-07-08 14:15:19,757 [null] DEBUG Quick1X.QuickConnectDlg - Processsing configure task
2021-07-08 14:15:19,757 [null] DEBUG Quick1X.QuickConnectDlg - Fetching the configuration and certificate from the Onboard Server
2021-07-08 14:15:19,757 [null] DEBUG Quick1X.QuickConnectDlg - Initing device info
2021-07-08 14:15:19,757 [null] DEBUG Quick1X.DeviceInfo - Starting interface detection
2021-07-08 14:15:19,757 [null] DEBUG Quick1X.Util - Running config task as logged in user
2021-07-08 14:15:19,911 [null] DEBUG Quick1X.Util - Exit code from execed process 0
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - Checking interface :Intel(R) Ethernet Connection (4) I219-LM
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - Interface Type :6
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - Interface state :2
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - Trying to filter :Intel(R) Ethernet Connection (4) I219-LM
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - Trying to filter (Unicode) :Intel(R) Ethernet Connection (4) I219-LM
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - Adapter GUID:75989E59-A656-40D4-A04C-4C226B8137C8
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - Description: Intel(R) Ethernet Connection (4) I219-LM
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - Name: Ethernet
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - State: DISCONNECTED
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - DHCP : Enabled
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - DNS Registration: Enabled
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - DNS by DHCP: Enabled
2021-07-08 14:15:19,924 [null] DEBUG Quick1X.DeviceInfo - MAC Address: C8:F7:50:10:8D:97
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface type : Wired
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Checking interface :Microsoft Wi-Fi Direct Virtual Adapter
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface Type :71
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface state :2
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Trying to filter :Microsoft Wi-Fi Direct Virtual Adapter
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Discarding interface : Microsoft Wi-Fi Direct Virtual Adapter
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Checking interface :Microsoft Wi-Fi Direct Virtual Adapter #2
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface Type :71
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface state :2
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Trying to filter :Microsoft Wi-Fi Direct Virtual Adapter #2
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Discarding interface : Microsoft Wi-Fi Direct Virtual Adapter #2
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Checking interface :Intel(R) Dual Band Wireless-AC 8265
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface Type :71
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface state :1
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Trying to filter :Intel(R) Dual Band Wireless-AC 8265
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Trying to filter (Unicode) :Intel(R) Dual Band Wireless-AC 8265
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Adapter GUID:8AEA6876-6590-4FA7-A239-572C324BD1B4
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Description: Intel(R) Dual Band Wireless-AC 8265
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Name: Wi-Fi
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - State: CONNECTED
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - DHCP : Enabled
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - DNS Registration: Enabled
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - DNS by DHCP: Enabled
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - MAC Address: 50:76:AF:19:8C:50
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface type : Wireless
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Checking interface :Bluetooth Device (Personal Area Network)
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface Type :6
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface state :2
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Trying to filter :Bluetooth Device (Personal Area Network)
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Discarding interface : Bluetooth Device (Personal Area Network)
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Checking interface :Software Loopback Interface 1
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface Type :24
2021-07-08 14:15:19,925 [null] DEBUG Quick1X.DeviceInfo - Interface state :1
2021-07-08 14:15:19,926 [null] DEBUG Quick1X.QuickConnectDlg - Downloading device credentials from the Onboard server -
https://cppmdemo.2plus.co.il/onboard/mdps_qc_enroll.php2021-07-08 14:15:19,926 [null] DEBUG Quick1X.QuickConnectDlg - Checking whether bypass proxy is false or true
2021-07-08 14:15:19,926 [null] DEBUG Quick1X.QuickConnectDlg - Bypass proxy is false
2021-07-08 14:15:19,926 [null] DEBUG Quick1X.QuickConnectDlg - Onboard server Host Name
cppmdemo.2plus.co.il2021-07-08 14:15:19,926 [null] DEBUG Quick1X.QuickConnectDlg - Onboard server URL Path /onboard/mdps_qc_enroll.php
2021-07-08 14:15:19,926 [null] DEBUG Quick1X.QuickConnectDlg - Retrieving value of Validate-Server-Certificate option
2021-07-08 14:15:19,926 [null] INFO Quick1X.QuickConnectDlg - Disabling Onboard server certificate validation
2021-07-08 14:15:19,926 [null] DEBUG Quick1X.QuickConnectDlg - Detected Windows version - Windows 10
2021-07-08 14:15:20,178 [null] ERROR Quick1X.QuickConnectDlg - Received error HTTP Status code - 403
2021-07-08 14:15:20,178 [null] DEBUG Quick1X.Util - Running config task as logged in user
Script Log
==========
08/07/2021 13:23:17 Adapter type detect starting
08/07/2021 13:23:17 Intel(R) Ethernet Connection (4) I219-LM Type: 0
08/07/2021 13:23:17 Intel(R) Dual Band Wireless-AC 8265 Type: 9
08/07/2021 13:23:17 Bluetooth Device (Personal Area Network) Type: 10
08/07/2021 13:23:17 Microsoft Wi-Fi Direct Virtual Adapter Type: 9
08/07/2021 13:23:17 Microsoft Wi-Fi Direct Virtual Adapter #2 Type: 9
08/07/2021 14:15:19 Adapter type detect starting
08/07/2021 14:15:19 Intel(R) Ethernet Connection (4) I219-LM Type: 0
08/07/2021 14:15:19 Intel(R) Dual Band Wireless-AC 8265 Type: 9
08/07/2021 14:15:19 Bluetooth Device (Personal Area Network) Type: 10
08/07/2021 14:15:19 Microsoft Wi-Fi Direct Virtual Adapter Type: 9
08/07/2021 14:15:19 Microsoft Wi-Fi Direct Virtual Adapter #2 Type: 9
Helper Log
==========
------------------------------
(*) If i helped you , Please do kudos me as a thank you (*)
Aruba AirHeads - Because mobility matters.
------------------------------
Original Message:
Sent: Jul 07, 2021 07:34 PM
From: Asela Abhayapala
Subject: ClearPass - 802.1x In front of G-Suite with Ldap connector - is it possiabble? (using only user and password?)
It is possible with onboarding. You can't use Google Secure LDAP for direct 802.1x. But can use it as authentication source for onboarding process and then use EAP-TLS (Clearpass as CA) and G. SLDAP for authorisation.
------------------------------
Asela Abhayapala
Original Message:
Sent: Jul 06, 2021 10:11 AM
From: Asa Birenbaum
Subject: ClearPass - 802.1x In front of G-Suite with Ldap connector - is it possiabble? (using only user and password?)
Hi AirHeads,
I just started a small PoC with ClearPass at one of my clients, He would like to create 802.1x in front of his employees DB located behind G-Suite (Google Services)
I follow the guides in order to create the G-Suite as a auth source,And i even can scan the group/user/tree from the CPPM
Screenshot:
, But when i was trying to create 802.1x (U/P) networks based on that auth sources..user auth keeps failed. (Even due user is not failing in front of the G-Suite auth)
A. Should it work? (And if Yes,Is there any doc about it ?
B. Is on SAML/OAUTH2 with CP ONBOARD is possible?
C. any tip regarding this manner of connecting G-Suite to CPPM in order to auth 802.1x in front of it will be lovely ..Agian ...If its possible at all.
Thanks.
Me
------------------------------
(*) If i helped you , Please do kudos me as a thank you (*)
Aruba AirHeads - Because mobility matters.
------------------------------