Security

  • 1.  Clearpass Authentication using EAP-TEAP (EAP-Chaining) - username missing method 1

    Posted Oct 09, 2023 04:38 AM

    Hi,

    Could you help regarding the EAP-TEAP config on ClearPass? The config works fine (chaining is OK), but I would like to see the machine hostname in the Access Tracker when the computer is on the login screen. For now I have to select which method I would see in the tracker; see below, user (method 2) is selected.

    When the user is logged in, everything is OK.

    But when the computer is on the logon screen, the username stays blank.

    Is there any solution to see the computer name from method 1 in the tracker?

    Thanks for your help.

    Patrick.



  • 2.  RE: Clearpass Authentication using EAP-TEAP (EAP-Chaining) - username missing method 1

    Posted Oct 09, 2023 05:28 AM

    If you want to see the computer account (Method-1), select that in your TEAP Authentication method.

    For even further flexibility you can return the IETF:Username with the Authentication-TEAP-Method-1 or Authentication-TEAP-Method-2 or even another attribute or value during your enforcement. The IETF:Username, when returned in an Enforcement will override the sent username (generic) or the method-1 or 2 username (TEAP Method); and allow you for example to return the Computer (Method-1) name if the User (Method-2) fails; or the Username if computer auth fails.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Clearpass Authentication using EAP-TEAP (EAP-Chaining) - username missing method 1

    Posted Oct 09, 2023 02:36 PM

    Thanks Herman, it works. I now have the name of the computer in the tracker.

    Another issue is that I cannot verify the computer (TEAP method 1); I have no AD info in the input.

    When I check with only EAP-TLS (machine authentication), I get the correct info.

    Any idea?

    Thanks for your help.




  • 4.  RE: Clearpass Authentication using EAP-TEAP (EAP-Chaining) - username missing method 1

    Posted Oct 10, 2023 04:47 AM

    You may duplicate your AD Authentication Source, and in there in the query change the Authentication:Username to Authentication:TEAP-Method-1-Username; or even have 2 auth sources under authorization one for computer and one for user authentication. In the end, these values are just the output of LDAP queries, which you can fully customize.



    ------------------------------
    Herman Robers
    ------------------------



  • 5.  RE: Clearpass Authentication using EAP-TEAP (EAP-Chaining) - username missing method 1

    Posted Oct 10, 2023 07:47 AM

    I tried to duplicate the AD source with this filter:

    The username mentioned in method 1 is:

    DESKTOP-K9VDJP3$

    but in the tracker I see a "\" character is added to the username, so it does not match.

    Any idea why the enforcement profile sends me "\" + computer name?

    Is it possible to remove the "\" in the filter?

    Regards.




  • 6.  RE: Clearpass Authentication using EAP-TEAP (EAP-Chaining) - username missing method 1

    Posted Oct 11, 2023 07:30 AM

    It's probably not really sending the \. In many programming languages the $ is a special character, and with \ it is 'escaped' to mean a literal $.

    What does the Alerts tab tell you?

    In your Authentication Source, is the BaseDN high enough to include OU=Computers, or whatever location you have your computer account stored?

    Moving to TLS would probably solve your issue as well, as that removes the use of $ in the hostname and removes the vulnerability of using password authentication.



    ------------------------------
    Herman Robers
    ------------------------
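The exchange in replies 4, 5 and 6 comes down to three things: the Method-1 username has to be fed into the AD query instead of Authentication:Username, a `\$` in that value is an escaped `$` and not part of the account name, and the Base DN of the authentication source has to cover the container that holds the computer object. The following is an added example, not code from the thread or from ClearPass: a small Python stand-in that normalizes the machine identity, builds an RFC 4515-escaped LDAP filter from it, and runs that lookup against a constructed in-memory directory so the Base DN effect can be seen. The identity forms in SAMPLE_IDENTITIES, the directory entries, the domain `corp.example` and the `%{Authentication:TEAP-Method-1-Username}` filter template are assumptions for the illustration.

```python
"""
Added example (not from the thread or from ClearPass): normalize a TEAP
Method-1 machine identity, build a safe LDAP filter for the computer
object, and show why the Base DN matters.

Assumptions not stated on the page: the identity reaches the query in
one of the forms in SAMPLE_IDENTITIES, the machine account lives in
sAMAccountName (which ends in '$' for computers), and the directory
content below is constructed for the illustration.
"""

# Shape of the ClearPass-side filter reply 4 describes (attribute name
# taken from the thread; the rest of the template is an assumption).
CLEARPASS_FILTER_TEMPLATE = (
    "(&(objectClass=computer)"
    "(sAMAccountName=%{Authentication:TEAP-Method-1-Username}))"
)

# Constructed sample values the Method-1 identity might take.
SAMPLE_IDENTITIES = [
    "DESKTOP-K9VDJP3$",                    # plain sAMAccountName (as in the thread)
    r"DESKTOP-K9VDJP3\$",                  # same value with a backslash-escaped '$'
    r"CORP\DESKTOP-K9VDJP3$",              # NetBIOS-domain-qualified form
    "host/desktop-k9vdjp3.corp.example",   # host/FQDN form
]

# Constructed stand-in for the AD objects the query would touch.
DIRECTORY = {
    "CN=DESKTOP-K9VDJP3,OU=Computers,DC=corp,DC=example": {
        "objectClass": "computer",
        "sAMAccountName": "DESKTOP-K9VDJP3$",
        "memberOf": "CN=Managed-Workstations,OU=Groups,DC=corp,DC=example",
    },
    "CN=patrick,OU=Users,DC=corp,DC=example": {
        "objectClass": "user",
        "sAMAccountName": "patrick",
    },
}

# RFC 4515 filter escaping: '$' is deliberately NOT in this table, so a
# computer account name passes through unchanged.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def normalize_machine_account(identity: str) -> str:
    """Return the bare sAMAccountName (HOSTNAME$) for a machine identity."""
    s = identity.strip()
    if s.lower().startswith("host/"):
        # host/fqdn form: keep the short hostname only
        return s[5:].split(".", 1)[0].upper() + "$"
    s = s.replace("\\$", "$")          # an escaped "\$" is just a literal "$"
    if "\\" in s:
        s = s.rsplit("\\", 1)[1]       # drop a DOMAIN\ prefix
    if not s.endswith("$"):
        s += "$"
    return s.upper()                   # AD matches case-insensitively anyway


def ldap_escape(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def computer_filter(identity: str) -> str:
    """Filter for the computer object behind a Method-1 identity."""
    name = normalize_machine_account(identity)
    return f"(&(objectClass=computer)(sAMAccountName={ldap_escape(name)}))"


def dn_under_base(dn: str, base_dn: str) -> bool:
    """True if dn equals base_dn or lies beneath it.

    Simplification: RDNs are split on ',', so escaped commas inside an
    RDN value are not handled.
    """
    split = lambda d: [rdn.strip().lower() for rdn in d.split(",")]
    d, b = split(dn), split(base_dn)
    return len(d) >= len(b) and d[-len(b):] == b


def lookup_computer(identity: str, base_dn: str):
    """Simulate the Method-1 authorization query against DIRECTORY.

    Returns the computer's attributes, or None when the object is not a
    computer, the name does not match, or it sits outside base_dn
    (the case reply 6 asks about).
    """
    wanted = normalize_machine_account(identity)
    for dn, attrs in DIRECTORY.items():
        if not dn_under_base(dn, base_dn):
            continue
        if attrs["objectClass"] == "computer" and \
                attrs["sAMAccountName"].lower() == wanted.lower():
            return attrs
    return None


if __name__ == "__main__":
    for ident in SAMPLE_IDENTITIES:
        print(f"{ident!r:40} -> {computer_filter(ident)}")
    print(lookup_computer(r"DESKTOP-K9VDJP3\$", "DC=corp,DC=example"))
    print(lookup_computer(r"DESKTOP-K9VDJP3\$", "OU=Users,DC=corp,DC=example"))
```

Two details worth noticing when running it: a raw `DESKTOP-K9VDJP3\$` fed straight into `ldap_escape` would become `DESKTOP-K9VDJP3\5c$`, a filter that only matches an account whose name literally contains a backslash, which is exactly why the trailing `\` must be treated as an escape before the filter is built; and the same identity resolves under `DC=corp,DC=example` but not under `OU=Users,DC=corp,DC=example`, which is the Base DN question in reply 6.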