Security

 View Only
last person joined: 8 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

CPG Admin user password reset for admins of operator profiles

This thread has been viewed 17 times
  • 1.  CPG Admin user password reset for admins of operator profiles

    Posted Aug 21, 2024 08:46 AM

    We use CP 6.11.9 and for MPSK have numerous Operator Profiles that allow admins to register devices  to our PSK SSID and get their own VLAN. This works well and we're getting on fine with it. However, I've never managed to get the 'Require a password change next login' function to work. So the admins can only use whatever password I set (or that is randomly created) when I set their account up.

    Does anyone know how to make this work for these admin accounts?

    And does CPG have a password reset function so that folks don't need to email me when they're forgotten their password? Our login screen doesn't have a link for a reset:
    Thanks

    Nathan.



    ------------------------------
    Nathan
    ------------------------------



  • 2.  RE: CPG Admin user password reset for admins of operator profiles

    EMPLOYEE
    Posted Aug 21, 2024 10:16 AM

    I would recommend opening a case with TAC on the change password piece.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: CPG Admin user password reset for admins of operator profiles

    Posted Aug 22, 2024 04:11 AM

    Ok, I'll pursue through our partner. Will post back here when I get any further with it.



    ------------------------------
    Nathan
    ------------------------------



  • 4.  RE: CPG Admin user password reset for admins of operator profiles

    Posted Aug 22, 2024 11:06 AM

    Where do you store your Admin accounts? CPG does not have an administrator list as far as I know. The screenshot that you shared seems to be for guest accounts, nor for admin accounts, although you COULD make guest accounts be able to sign in as operators to the guest portal.

    Normally you would use AD accounts or so for users to sign in to an operator profile.

    It's not clear what/how your configuration is, so working with your partner (who implemented this) may be a good idea.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: CPG Admin user password reset for admins of operator profiles

    Posted Aug 23, 2024 05:28 AM

    Fair questions, so to add clarity in the mean time:

    These accounts are not AD, they are for small businesses who occupy space on our premises, so they use the PSK network we provide rather than having their own wireless router.
    The admin accounts are those configured in CPG , and they are the contact within the business that is responsible for registering the business' devices to use the PSK SSID. Each of these accounts gets a role, in the clip below SME 2500 Device Role, that puts the devices on an explicit VLAN for that business. The problem I'm trying to get round is enabling the admin to change the password such as you can see in this image when they first log in, and to be able to reset it themselves if they forget it. The 'password action' field doesn't appear to have any function 

    After logging in, these business admins get the below page, and set about registering/creating devices for use on our premises.

    HTH

    Nathan.



    ------------------------------
    Nathan
    ------------------------------



  • 6.  RE: CPG Admin user password reset for admins of operator profiles

    Posted Aug 23, 2024 07:34 AM

    Ok, got it. So you use Guest Accounts to sign in as operator, and configured ClearPass to assign an operator role when they sign in to /guest/.

    In that case, I'd say that it's expected that the password change at first logon doesn't work. The force change password may only work in guest workflows, not in operator logins. You may be able to use the self-service portal for guests, as part of the self-registration workflow. In the self-service portal, users can at least change their password; you might need to change things on the self-registration page to avoid that guest accounts are created through that way.

    As this is all non-standard, it may be good to work with your Aruba partner and/or with support. It may require a deeper understanding of how features are used in a specific way.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------