Security

 View Only
last person joined: 18 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass + offline Domain status + alerts

Jump to Best Answer
This thread has been viewed 14 times
  • 1.  ClearPass + offline Domain status + alerts

    Posted Nov 12, 2021 11:42 AM
    Hello all: 

    I would like to generate an alert when one of my CPPM is domain "offline" but can't find a straight forward way of doing it.  Is there an error code for this specific event? 

    Thanks,
    MG

    ------------------------------
    Cheers!
    MG
    ------------------------------


  • 2.  RE: ClearPass + offline Domain status + alerts

    Posted Nov 12, 2021 01:20 PM
    What CPPM version are you running?  

    6.8.x includes warnings when it is unable to communicate with AD.   I'm assuming you're talking about AD Domains?

    Source RADIUS
    Level WARN
    Category AD Connection
    Action Unknown
    Timestamp Nov 10, 2021 05:00:51 EST
    Description
    Unable to establish connection with ...

    Best of luck, 

    --Raf

    ------------------------------
    RafaelHinojosa
    ------------------------------



  • 3.  RE: ClearPass + offline Domain status + alerts

    Posted Nov 12, 2021 04:23 PM
    6.9 version.  

    This is when the CCPM node shows Domain Status: offline and 802.1x authentications are failing and showing MASCHAP: AD status:No logon servers (0x000005e).  

    on the cli 

    [appadmin@myccpm-7]# show domain

    =======================================================
    Domain Information
    -------------------------------------------------------
    Domain Name : mydomain.local
    Domain NETBIOS Name : mydomain
    Domain Server Ip Address : 192.168.1.247
    Domain Server Name : dc.mydomain.local
    Domain Status : offline
    --------------------------------------

    we want to get notify as soon as the CCPM node shows Domain Status: offline

    ------------------------------
    Cheers!
    MG
    ------------------------------



  • 4.  RE: ClearPass + offline Domain status + alerts
    Best Answer

    Posted Nov 16, 2021 10:14 AM
    Hrm,

    I'm not sure...

    You might be able to use Insight to configure an Alert to be sent via e-mail or SMS; however, it looks as if (in 6.8) the only options are for ERROR level System Events - not sure if that is the case in 6.9 as well.  I setup a test, so I'll see if it triggers when our AD team performs any update / upgrade that takes an AD server offline momentarily.  

    When we were having issues way back in the day with CPPM & AD / the SAMBA service.  We setup a separate EAPOL Test to authenticate at one minute intervals to the CPPM server(s).  When the setup failed 2, or more consecutive tests we sent SMS & e-mail notifications.  This was a separate system, so it could have issues all of its own, but it did what we needed it to do & is still in use today.  

    Best of luck ,

    --Raf



    ------------------------------
    RafaelHinojosa
    ------------------------------