Security

Hi,
I have a machine with clearpass 6.10 and a wired 802.1x service where the AD users log into the computers and are given the corresponding vlan.
Authenticate users correctly excelto a few that, instead of taking the user takes the computer name and does not give them the corresponding vlan:

can you help me?



------------------------------
Maite Oliv�n
------------------------------

Hi,
The machine is configured to use machine authentication  ( identified by fact that username starts with word host and ends with the FQDN of the machine.
This is a configuration thing so suspect the client system is set up to just use machine auth. You can  set up
User auth
machine auth
user and machine auth

All depends on the windows machine. If you are using machine auth, suspect system is a managed device so you need to go talk to  people who manage the client systems

Alex

------------------------------
Alex Sharaz
------------------------------

Original Message:
Sent: Nov 09, 2021 02:41 AM
From: Maite Oliv�n
Subject: Clearpass 6.10 problem with Access Tracker

Hi,
I have a machine with clearpass 6.10 and a wired 802.1x service where the AD users log into the computers and are given the corresponding vlan.
Authenticate users correctly excelto a few that, instead of taking the user takes the computer name and does not give them the corresponding vlan:

can you help me?

Computed Attributes

Authentication:ErrorCode 0

Authentication:Full-Username host/CIDEPP98A.intranet.xxx.es

Authentication:InnerMethod EAP-MSCHAPv2

Authentication:MacAuth NotApplicable

Authentication:NetBIOS-Name intranet.xxx.es

Authentication:OuterMethod EAP-PEAP

Authentication:Posture Unknown

Authentication:Source AD

Authentication:Status Machine

Authentication:Username xxx8A$

Authorization:Sources [Endpoints Repository], AD

Connection:Client-Mac-Address b0-5c-da-ad-52-5d

Connection:Client-Mac-Address-Colon b0:5c:da:ad:52:5d

Connection:Client-Mac-Address-Dot b05c.daad.525d

Connection:Client-Mac-Address-Hyphen b0-5c-da-ad-52-5d

Connection:Client-Mac-Address-NoDelim b05cdaad525d

Connection:Client-Mac-Address-Upper-Hyphen B0-5C-DA-AD-52-5D

Connection:Client-Mac-Vendor HP Inc.

Connection:Dest-IP-Address 192.168.2.208

Connection:Dest-Port 1812

Connection:NAD-IP-Address 192.168.1.97

Connection:Protocol RADIUS

Connection:Src-IP-Address 192.168.1.97

Connection:Src-Port 1812

Date:Date-Time 2021-11-09 08:21:28

Endpoint:Guest Role ID Equipos

Endpoint:MAC-Auth Expiry %{Authentication:[Time Source]:Six Months DT}

Endpoint:Username svalor

Host:FQDN xxx.intranet.xxx.es

Host:Name xxx8A

 

------------------------------
Maite Oliv�n
------------------------------

Thank you so much Alex

------------------------------
Maite Oliv�n
------------------------------

Original Message:
Sent: Nov 09, 2021 06:40 AM
From: Alex Sharaz
Subject: Clearpass 6.10 problem with Access Tracker

Hi,
The machine is configured to use machine authentication  ( identified by fact that username starts with word host and ends with the FQDN of the machine.
This is a configuration thing so suspect the client system is set up to just use machine auth. You can  set up
User auth
machine auth
user and machine auth

All depends on the windows machine. If you are using machine auth, suspect system is a managed device so you need to go talk to  people who manage the client systems

Alex

------------------------------
Alex Sharaz

Original Message:
Sent: Nov 09, 2021 02:41 AM
From: Maite Oliv�n
Subject: Clearpass 6.10 problem with Access Tracker

Hi,
I have a machine with clearpass 6.10 and a wired 802.1x service where the AD users log into the computers and are given the corresponding vlan.
Authenticate users correctly excelto a few that, instead of taking the user takes the computer name and does not give them the corresponding vlan:

can you help me?

Computed Attributes

Authentication:ErrorCode 0

Authentication:Full-Username host/CIDEPP98A.intranet.xxx.es

Authentication:InnerMethod EAP-MSCHAPv2

Authentication:MacAuth NotApplicable

Authentication:NetBIOS-Name intranet.xxx.es

Authentication:OuterMethod EAP-PEAP

Authentication:Posture Unknown

Authentication:Source AD

Authentication:Status Machine

Authentication:Username xxx8A$

Authorization:Sources [Endpoints Repository], AD

Connection:Client-Mac-Address b0-5c-da-ad-52-5d

Connection:Client-Mac-Address-Colon b0:5c:da:ad:52:5d

Connection:Client-Mac-Address-Dot b05c.daad.525d

Connection:Client-Mac-Address-Hyphen b0-5c-da-ad-52-5d

Connection:Client-Mac-Address-NoDelim b05cdaad525d

Connection:Client-Mac-Address-Upper-Hyphen B0-5C-DA-AD-52-5D

Connection:Client-Mac-Vendor HP Inc.

Connection:Dest-IP-Address 192.168.2.208

Connection:Dest-Port 1812

Connection:NAD-IP-Address 192.168.1.97

Connection:Protocol RADIUS

Connection:Src-IP-Address 192.168.1.97

Connection:Src-Port 1812

Date:Date-Time 2021-11-09 08:21:28

Endpoint:Guest Role ID Equipos

Endpoint:MAC-Auth Expiry %{Authentication:[Time Source]:Six Months DT}

Endpoint:Username svalor

Host:FQDN xxx.intranet.xxx.es

Host:Name xxx8A

 

------------------------------
Maite Oliv�n
------------------------------