Security

last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Policy Manager Login with Active Directory

  • 1.  ClearPass Policy Manager Login with Active Directory

    Posted Feb 25, 2020 11:19 PM

    I've always logged in to the Policy Manager using a local administrator account.

    I then read up details on how to configure how to login using my AD credentials - using a copy of the Policy Manager Admin Network Login Service.

    However, I noticed that my Policy Manager Admin Network Login Service isnt actually enabled according to my service list..

     

    If so - whats processing my login? In the event viewer my login is sourced from Policy Manager UI.

     



  • 2.  RE: ClearPass Policy Manager Login with Active Directory

    Posted Feb 26, 2020 05:15 AM

    If you type the admin password incorrectly, does it show in the access tracker then?



  • 3.  RE: ClearPass Policy Manager Login with Active Directory

    Posted Feb 26, 2020 05:58 AM
      |   view attached

    In the attachment i send you an example of the service configuration as i used in my HomeLAB.

     

    Please note then when you login to ccpm with the local "admin" account there is no service for that, it works always regardless of hitting any service or service configuration issue.

     

    Hope this help you!

     

    Attachment(s)

    pdf
    example.pdf   879K 1 version


  • 4.  RE: ClearPass Policy Manager Login with Active Directory

    Posted Feb 26, 2020 05:25 PM

    So if I type in the admin password incorrectly, it shows a Reject in Access Tracker with no Service attached to it;

     

    Error Category: Authentication failure
    Error Code: Failed to classify request to service
    Tacacs server ServiceClassification failed, reason=PolicyServer returned empty service

     

    If I type in the admin password correctly, it doesn't show up in Access Track, but I go get an INFO level event in the Event Viewer that admin has logged in.

     

    I did follow the process here, https://blogs.arubanetworks.com/solutions/clearpass-operator-login-with-active-directory/, and AD Authentication works - I'm just confused as to where the original local admin login is being processed, unless its something that happens regardless of the services defined.

     



  • 5.  RE: ClearPass Policy Manager Login with Active Directory

    Posted Feb 26, 2020 05:37 PM

    local admin login is a internal process of cppm, and always work, there is no service for that. 

    if the local admin password not match the local admin account it “try” the tacacs service if the account match an AD account. Thats why it hit your service by a password mismatch.

     

    lokal admin account always works, so when you make a configuration fault in your services you not been locked out.



  • 6.  RE: ClearPass Policy Manager Login with Active Directory

    Posted Feb 26, 2020 06:36 AM

    At present, are you logging in as local admin or using your AD credentials?