Security

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
6.3.4.6 issue having role add after Authentication

  • 1.  6.3.4.6 issue having role add after Authentication

    Posted Jul 14, 2014 08:00 PM

    Hi everyone

     

    Is anyone having a problem with the role not being added after authenticating in 6.3.4.6? It was working fine until I upgraded; now I cannot log in to CPPM or authenticate using 802.1X with AD credentials. Does anyone else have an issue after upgrading?

     

    Thanks

    Raul Bracamontes

    LEUSD 



  • 2.  RE: 6.3.4.6 issue having role add after Authentication

    Posted Jul 14, 2014 08:03 PM
    Can you log in with the admin account and look at Access Tracker to see what's happening?


  • 3.  RE: 6.3.4.6 issue having role add after Authentication

    Posted Jul 15, 2014 11:06 AM

    Thanks for responding, Cappalli.

    I am getting this.

    Service Name: AD auth for CPPM ClearPass Admin Access (Active Directory)
    Authentication Source: AD Authentication
    Role: [User Authenticated], [Other]
    Profiles: [TACACS Deny Profile]

    The [other] Role should be TACACS Helpdesk

    Session ID: T00000013-01-53c462e7
    Time: Jul 14, 2014 16:08:23 PDT
    Status: AUTHEN_STATUS_FAIL
    Request Type: TACACS_AUTHENTICATION
    Message: -
    Client IP: 127.0.0.1:
    Error Category: Tacacs authentication
    Error Code: Authentication privilege level mismatch
    Alerts for this Request:
    Tacacs serverRequested priv_level=[01] greater than Max Allowed priv_level=[00]
    Authorization Requests Messages


  • 4.  RE: 6.3.4.6 issue having role add after Authentication

    Posted Jul 15, 2014 12:34 PM

    Check the privilege level in the enforcement profile; you will need to change the MAX level to 1, not 0.



  • 5.  RE: 6.3.4.6 issue having role add after Authentication

    Posted Jul 15, 2014 12:45 PM

    They have 1



  • 6.  RE: 6.3.4.6 issue having role add after Authentication

    Posted Jul 15, 2014 01:02 PM

    Have you defined the tips role Other in the enforcement policy?



  • 7.  RE: 6.3.4.6 issue having role add after Authentication

    Posted Jul 15, 2014 01:03 PM
    [TACACS Deny Profile]


  • 8.  RE: 6.3.4.6 issue having role add after Authentication

    Posted Jul 15, 2014 01:07 PM

    It was working before I did the update.



  • 9.  RE: 6.3.4.6 issue having role add after Authentication

    Posted Jul 16, 2014 02:08 AM

    Please make sure you have a TAC case open. It looks like you might have had a file that did not migrate correctly. It might be as simple as importing an updated dictionary file, or TAC may need to log in as root.



  • 10.  RE: 6.3.4.6 issue having role add after Authentication

    Posted Sep 24, 2014 04:14 PM

    What was the outcome on this problem? I am doing a fresh install and have followed the documentation about setting up TACACS, and I either get the default read-only admin or, if I get away from using roles and just use enforcement policy, I get the same "Requested priv_level=[01] greater than Max Allowed priv_level=[00]" error.