The username is sent by the client, so there must be something different. If you use PEAP with single-sign on (DEPRECATED!) it depends on the user how they enter their username in the login screen, like with or without domain and in \ or @ form. With client certificates, you have better control over what happens. From the available information it's not possible to tell why this happens. I'd recommend to have a look with your HPE Aruba partner or with TAC to the live deployment and configuration.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Feb 14, 2025 08:33 AM
From: ARP67
Subject: ClearPass - users with and without domain, why ?
Thanks for your help !
I dont really understand all the part of your answer :
But why some users show up with the domain in the IETF:Username and some dont ? its exactly the same configuration for both.
I was thinking about the way they log into their computer (like : domaine\name or juste name or name@domaine.com) but nothing change
Original Message:
Sent: Feb 14, 2025 05:36 AM
From: Herman Robers
Subject: ClearPass - users with and without domain, why ?
The user displayed in the switch is the username sent by the client, or optionally overridden by the IETF:Username that is returned by ClearPass.
If you don't return the IETF:Username, the client name is supposed to be the same as you see in Access Tracker in ClearPass, and this is quite common if you have domain joined computers that prepend (or append) the domain name in addition to the actual username. If you enter the username without domain in for example a BYOD device/phone, you may not see it.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Feb 14, 2025 05:10 AM
From: ARP67
Subject: ClearPass - users with and without domain, why ?
Hello,
When i use the command "show port-access clients" i show a user who doesnt have the domain of my compagny (see the red square on the screen)
The user is well identified and connected to the domain, and have the good clearpass policy applicated.
Do you know why only for this user no domain show up in the "show port-access clients" ? you can see other users with domain starting with P**** and the \ before the username
Thanks in advance !