Security

Hi,

I have a strange behaviour that I have seen years ago in older ClearPass versions too (e.g. 6.7) and it still bugs me. 

My customer wants a MAC based device self-registration for guest access. They have Cisco and Aruba APs both, so I am using the CoA method with redirect URL for both. Using a modified copy of the mac_create form. 

After the MAC self-registration the Webauth happens but sometimes  in the output result the Endpoint:Guest Role ID and Endpoint:Username does not get the proper values just the name of the variables %{GuestUser:Role ID} and {%GuestUser:Visitor Name}.  When that happens also the Expire-Time-Update:GuestUser value is %{GuestUser:expire_postologin} and the Expiry-Check:Expiry-Action gets only the name of the variable %{GuestUser:do_expire} instead of the real value. See screenshot.

What version are you running and have you opened a case with TAC?

Hi,

I have a strange behaviour that I have seen years ago in older ClearPass versions too (e.g. 6.7) and it still bugs me. 

My customer wants a MAC based device self-registration for guest access. They have Cisco and Aruba APs both, so I am using the CoA method with redirect URL for both. Using a modified copy of the mac_create form. 

After the MAC self-registration the Webauth happens but sometimes  in the output result the Endpoint:Guest Role ID and Endpoint:Username does not get the proper values just the name of the variables %{GuestUser:Role ID} and {%GuestUser:Visitor Name}.  When that happens also the Expire-Time-Update:GuestUser value is %{GuestUser:expire_postologin} and the Expiry-Check:Expiry-Action gets only the name of the variable %{GuestUser:do_expire} instead of the real value. See screenshot.

Hi,

I have 6.11.9 and have not yet opened TAC case, but I will.

Thanks

Istvan

What version are you running and have you opened a case with TAC?

Hi,

I have a strange behaviour that I have seen years ago in older ClearPass versions too (e.g. 6.7) and it still bugs me. 

My customer wants a MAC based device self-registration for guest access. They have Cisco and Aruba APs both, so I am using the CoA method with redirect URL for both. Using a modified copy of the mac_create form. 

After the MAC self-registration the Webauth happens but sometimes  in the output result the Endpoint:Guest Role ID and Endpoint:Username does not get the proper values just the name of the variables %{GuestUser:Role ID} and {%GuestUser:Visitor Name}.  When that happens also the Expire-Time-Update:GuestUser value is %{GuestUser:expire_postologin} and the Expiry-Check:Expiry-Action gets only the name of the variable %{GuestUser:do_expire} instead of the real value. See screenshot.

Did you or TAC find a solution to this problem? We are seeing the same thing in our environment with 6.11.10. In the instances where it works correctly, you can see it open the DB in the logs before returning GuestUserSPtr:

ExtDB.DBHandle - Creating DB Connection with DRIVER=PostgreSQL;SERVER=localhost;PORT=0;DATABASE=tipsdb

But when it fails to look it up, it doesn't look like it attempts to open the DB at all and just returns NULL for GuestUserSPtr.

Hi,

I have 6.11.9 and have not yet opened TAC case, but I will.

Thanks

Istvan

What version are you running and have you opened a case with TAC?

Hi,

I have a strange behaviour that I have seen years ago in older ClearPass versions too (e.g. 6.7) and it still bugs me. 

My customer wants a MAC based device self-registration for guest access. They have Cisco and Aruba APs both, so I am using the CoA method with redirect URL for both. Using a modified copy of the mac_create form. 

After the MAC self-registration the Webauth happens but sometimes  in the output result the Endpoint:Guest Role ID and Endpoint:Username does not get the proper values just the name of the variables %{GuestUser:Role ID} and {%GuestUser:Visitor Name}.  When that happens also the Expire-Time-Update:GuestUser value is %{GuestUser:expire_postologin} and the Expiry-Check:Expiry-Action gets only the name of the variable %{GuestUser:do_expire} instead of the real value. See screenshot.