Security

 View Only
last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

clearpass 6.8.6 jamf 3.0.1

This thread has been viewed 24 times

  • 1.  clearpass 6.8.6 jamf 3.0.1

    MVP EXPERT
    Posted Nov 17, 2020 05:07 PM
    Curently runniing jamf extension on a dev cppm server cluster( 6.9.3) and its fine.

    Have ported config to our production cluster (6.8.6)  and get the following error

    [2020-11-17T21:53:44.281] [INFO] JAMF - SSL Verification Enabled. (Config: "verifySSLCerts": true)
[2020-11-17T21:53:44.287] [INFO] JAMF - Initalizing JAMF extension...
[2020-11-17T21:53:44.288] [INFO] JAMF - Stats tracking is enabled.
[2020-11-17T21:53:44.290] [INFO] JAMF - Starting stats web service...
[2020-11-17T21:53:44.292] [INFO] JAMF - Stats web server listening on port 8080.
[2020-11-17T21:53:44.317] [INFO] JAMF - Next endpoint sync is scheduled at Tue Nov 17 2020 22:00:00 GMT+0000.
[2020-11-17T21:53:44.326] [INFO] JAMF - Stats database configured. Stats logging starting now.
[2020-11-17T21:53:44.334] [ERROR] JAMF - Error loading version information. Request failed with status code 403
[2020-11-17T21:53:44.334] [ERROR] JAMF - "<!DOCTYPE html><html>\n  <head>\n    <title>\n      Error 403 (Forbidden)\n    </title>\n    <script language=\"javascript\">\n        function reloadPage() {\n            var locHref = window.location.protocol + \"//\" + window.location.hostname;\n            window.location.href = locHref;\n        }\n    </script>\n  </head>\n  <body onload=\"setTimeout(reloadPage, 5000);\">\n    <table border=0 cellpadding=0 cellspacing=0 height=100% width=100%>\n      <tr style=\"height:20%\">\n        <td width=10%> \n          &nbsp;\n        </td>\n      </tr>\n      <tr style=\"height:10%\">\n        <td style=\"font-size: 25px;padding-left: 20%;\">\n\t   Error 403: Forbidden\n        </td>\n      </tr>\n      <tr style=\"height:10%; vertical-align: top;\">\n        <td style=\"font-size: 20px;padding-left: 20%;\">\n          Error in accessing application. Redirecting in 5 seconds...\n        </td>\n      </tr>\n      <tr style=\"height:10%; vertical-align: top;\">\n        <td style=\"font-size: 18px;padding-left: 20%;\">\n\t You are not permitted to access the application. Please contact your network administrator for further assistance.\n        </td>\n      </tr>\n      <tr>\n        <td width=10%> \n          &nbsp;\n        </td>\n      </tr>\n    </table>\n  </body>\n</html>\n"
[2020-11-17T21:53:44.791] [INFO] JAMF - Logged in to skyhook.
    200 lines shown

    just wondering  what is generating the error . Have checked all the credentials



    ------------------------------
    Alex Sharaz
    ------------------------------


  • 2.  RE: clearpass 6.8.6 jamf 3.0.1

    MVP GURU
    Posted Nov 18, 2020 02:54 PM
    do you have check if the CPPM have access to internet ?

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------

    Original Message


  • 3.  RE: clearpass 6.8.6 jamf 3.0.1

    MVP EXPERT
    Posted Nov 19, 2020 01:35 AM
    Hi
    Yup no problem with internet access

    Sent from my iPhone



    Original Message


  • 4.  RE: clearpass 6.8.6 jamf 3.0.1

    MVP
    Posted Nov 19, 2020 02:16 AM
    Alex,

    Is this node going via a PROXY to get to WWW?

    ------------------------------
    Danny Jump
    ------------------------------

    Original Message


  • 5.  RE: clearpass 6.8.6 jamf 3.0.1

    MVP EXPERT
    Posted Nov 19, 2020 10:56 AM
    Nope direct 

    Sent from my iPhone



    Original Message


  • 6.  RE: clearpass 6.8.6 jamf 3.0.1

    MVP
    Posted Nov 20, 2020 12:28 PM
    Alex,

    Looking at the log above, I see a 403, HTTP-403, this is an authorization issue {401 would typically be authentication} , are you using the same creds from TEST to PROD?

    One other query, do you have an CPPM Application controls in place??


    ------------------------------
    Danny Jump
    ------------------------------

    Original Message


  • 7.  RE: clearpass 6.8.6 jamf 3.0.1

    MVP EXPERT
    Posted Dec 01, 2020 03:43 AM
    Hi Danny,
    You were correct. On our dev cluster we dont have any ACLs retricting access to cppm gui, API etc. On our porduction service we do. Simply adding the 172.17. Address of the JSMF extension to policy manager ( well did PM and CPPM API) did the trick. Everything seems to be working now and  can see endpoints entries with JAMF attributes in them

    Rgds
    Alex

    ------------------------------
    Alex Sharaz
    ------------------------------

    Original Message


  • 8.  RE: clearpass 6.8.6 jamf 3.0.1

    MVP
    Posted Dec 01, 2020 12:28 PM
    YEAH :).....

    ------------------------------
    Danny Jump
    "Passionate about CPPM"
    ------------------------------

    Original Message