Security

I have installed a new ClearPass 6.11.0 server and restored a configuration backup of a 6.10.7 installation.
Now my TACACS authentications are not appearing in the access tracker.
I can see the counters in the services increasing.
All Radius requests are normal in the access tracker.

I have checked on my Fortigate and monitored traffic and I can see the Tacacs request being answered by CPPM.

The authentication is also working as expected.

Best regards,
Rob Hassing

Hi Rob

I had the same issue in 6.10 after upgrading from 6.9.
The issue was solved by TAC, so I should contact TAC if I got this behavior. I don't think you can do anything.
In the cluster we had the issue on two out of three servers. One was working normally with the TACACS requests showing up in the Access Tracker

------------------------------
Best Regards
Jonas Hammarbäck
ACCX #1335, ACMP, ACDP, ACNSP, ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------

Original Message:
Sent: Nov 01, 2022 11:47 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

I have installed a new ClearPass 6.11.0 server and restored a configuration backup of a 6.10.7 installation.
Now my TACACS authentications are not appearing in the access tracker.
I can see the counters in the services increasing.
All Radius requests are normal in the access tracker.

I have checked on my Fortigate and monitored traffic and I can see the Tacacs request being answered by CPPM.

The authentication is also working as expected.

Best regards,
Rob Hassing

In my case after upgrade to 6.10.7 TACACS server on publisher just stop responding. Port 49 is closed and all TACACS requests are served from subscriber. Working with TAC on this problem, but no resolution on horizon yet.

Best, Gorazd

------------------------------
Gorazd Kikelj
------------------------------

Original Message:
Sent: Nov 01, 2022 11:52 AM
From: Jonas Hammarback
Subject: CPPM 6.11.0 TACACS not in access tracker

Hi Rob

I had the same issue in 6.10 after upgrading from 6.9.
The issue was solved by TAC, so I should contact TAC if I got this behavior. I don't think you can do anything.
In the cluster we had the issue on two out of three servers. One was working normally with the TACACS requests showing up in the Access Tracker

------------------------------
Best Regards
Jonas Hammarbäck
ACCX #1335, ACMP, ACDP, ACNSP, ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution

Original Message:
Sent: Nov 01, 2022 11:47 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

I have installed a new ClearPass 6.11.0 server and restored a configuration backup of a 6.10.7 installation.
Now my TACACS authentications are not appearing in the access tracker.
I can see the counters in the services increasing.
All Radius requests are normal in the access tracker.

I have checked on my Fortigate and monitored traffic and I can see the Tacacs request being answered by CPPM.

The authentication is also working as expected.

Best regards,
Rob Hassing

Curious what the use-cases are for upgrading/running 6.11.0?  Typically running a .0 release is not recommended.  I always like waiting until at least the first patch is released.
Original Message:
Sent: Nov 01, 2022 11:47 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

I have installed a new ClearPass 6.11.0 server and restored a configuration backup of a 6.10.7 installation.
Now my TACACS authentications are not appearing in the access tracker.
I can see the counters in the services increasing.
All Radius requests are normal in the access tracker.

I have checked on my Fortigate and monitored traffic and I can see the Tacacs request being answered by CPPM.

The authentication is also working as expected.

Best regards,
Rob Hassing

This is not a real production environment and I would like to test the upgrade procedure.
Original Message:
Sent: Nov 02, 2022 09:40 AM
From: Unknown User
Subject: CPPM 6.11.0 TACACS not in access tracker

Curious what the use-cases are for upgrading/running 6.11.0?  Typically running a .0 release is not recommended.  I always like waiting until at least the first patch is released.
Original Message:
Sent: Nov 01, 2022 11:47 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

I have installed a new ClearPass 6.11.0 server and restored a configuration backup of a 6.10.7 installation.
Now my TACACS authentications are not appearing in the access tracker.
I can see the counters in the services increasing.
All Radius requests are normal in the access tracker.

I have checked on my Fortigate and monitored traffic and I can see the Tacacs request being answered by CPPM.

The authentication is also working as expected.

Best regards,
Rob Hassing

It's not really upgrade. It is migration due to change in the underlaying linux distribution to RedHat enterprise. So you need to install new Clearpass server and import databases, certificates and other bits and pieces.

Best, Gorazd

------------------------------
Gorazd Kikelj
------------------------------

Original Message:
Sent: Nov 02, 2022 10:48 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

This is not a real production environment and I would like to test the upgrade procedure.
Original Message:
Sent: Nov 02, 2022 09:40 AM
From: Unknown User
Subject: CPPM 6.11.0 TACACS not in access tracker

Curious what the use-cases are for upgrading/running 6.11.0?  Typically running a .0 release is not recommended.  I always like waiting until at least the first patch is released.
Original Message:
Sent: Nov 01, 2022 11:47 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

I have installed a new ClearPass 6.11.0 server and restored a configuration backup of a 6.10.7 installation.
Now my TACACS authentications are not appearing in the access tracker.
I can see the counters in the services increasing.
All Radius requests are normal in the access tracker.

I have checked on my Fortigate and monitored traffic and I can see the Tacacs request being answered by CPPM.

The authentication is also working as expected.

Best regards,
Rob Hassing

According to the documentation it was possible to restore a backup of the 6.10.7 installation.
Original Message:
Sent: Nov 02, 2022 01:16 PM
From: Gorazd Kikelj
Subject: CPPM 6.11.0 TACACS not in access tracker

It's not really upgrade. It is migration due to change in the underlaying linux distribution to RedHat enterprise. So you need to install new Clearpass server and import databases, certificates and other bits and pieces.

Best, Gorazd

------------------------------
Gorazd Kikelj

Original Message:
Sent: Nov 02, 2022 10:48 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

This is not a real production environment and I would like to test the upgrade procedure.
Original Message:
Sent: Nov 02, 2022 09:40 AM
From: Unknown User
Subject: CPPM 6.11.0 TACACS not in access tracker

Curious what the use-cases are for upgrading/running 6.11.0?  Typically running a .0 release is not recommended.  I always like waiting until at least the first patch is released.
Original Message:
Sent: Nov 01, 2022 11:47 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

I have installed a new ClearPass 6.11.0 server and restored a configuration backup of a 6.10.7 installation.
Now my TACACS authentications are not appearing in the access tracker.
I can see the counters in the services increasing.
All Radius requests are normal in the access tracker.

I have checked on my Fortigate and monitored traffic and I can see the Tacacs request being answered by CPPM.

The authentication is also working as expected.

Best regards,
Rob Hassing

Herman did a great youtube video on this topic.

Video link

Best, Gorazd

------------------------------
Gorazd Kikelj
------------------------------

Original Message:
Sent: Nov 03, 2022 05:25 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

According to the documentation it was possible to restore a backup of the 6.10.7 installation.
Original Message:
Sent: Nov 02, 2022 01:16 PM
From: Gorazd Kikelj
Subject: CPPM 6.11.0 TACACS not in access tracker

It's not really upgrade. It is migration due to change in the underlaying linux distribution to RedHat enterprise. So you need to install new Clearpass server and import databases, certificates and other bits and pieces.

Best, Gorazd

------------------------------
Gorazd Kikelj

Original Message:
Sent: Nov 02, 2022 10:48 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

This is not a real production environment and I would like to test the upgrade procedure.
Original Message:
Sent: Nov 02, 2022 09:40 AM
From: Unknown User
Subject: CPPM 6.11.0 TACACS not in access tracker

Curious what the use-cases are for upgrading/running 6.11.0?  Typically running a .0 release is not recommended.  I always like waiting until at least the first patch is released.
Original Message:
Sent: Nov 01, 2022 11:47 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

I have installed a new ClearPass 6.11.0 server and restored a configuration backup of a 6.10.7 installation.
Now my TACACS authentications are not appearing in the access tracker.
I can see the counters in the services increasing.
All Radius requests are normal in the access tracker.

I have checked on my Fortigate and monitored traffic and I can see the Tacacs request being answered by CPPM.

The authentication is also working as expected.

Best regards,
Rob Hassing

I had the same issue too on v6.11.6.. TAC confirmed this is a known bug in v6.11 and is slated to be fixed in v6.12. Until then, to fix this TAC has log in to CPPM with shell access and run the following command:

psql -U appsuperuser -d tipsLogDb -p 5433 < /usr/local/avenda/common/share/schema/tipsLogDb/tables/70-tacacs-server-stored-procs.sql

TACACS requests started showing up in access tracker immediately and I was told this command would remain after any CPPM reboots.  

 

Original Message:
Sent: Nov 03, 2022 08:54 AM
From: GorazdKikelj
Subject: CPPM 6.11.0 TACACS not in access tracker

Herman did a great youtube video on this topic.

Video link

Best, Gorazd

------------------------------
Gorazd Kikelj

Original Message:
Sent: Nov 03, 2022 05:25 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

According to the documentation it was possible to restore a backup of the 6.10.7 installation.
Original Message:
Sent: Nov 02, 2022 01:16 PM
From: Gorazd Kikelj
Subject: CPPM 6.11.0 TACACS not in access tracker

It's not really upgrade. It is migration due to change in the underlaying linux distribution to RedHat enterprise. So you need to install new Clearpass server and import databases, certificates and other bits and pieces.

Best, Gorazd

------------------------------
Gorazd Kikelj

Original Message:
Sent: Nov 02, 2022 10:48 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

This is not a real production environment and I would like to test the upgrade procedure.
Original Message:
Sent: Nov 02, 2022 09:40 AM
From: Unknown User
Subject: CPPM 6.11.0 TACACS not in access tracker

Curious what the use-cases are for upgrading/running 6.11.0?  Typically running a .0 release is not recommended.  I always like waiting until at least the first patch is released.
Original Message:
Sent: Nov 01, 2022 11:47 AM
From: Rob Hassing
Subject: CPPM 6.11.0 TACACS not in access tracker

I have installed a new ClearPass 6.11.0 server and restored a configuration backup of a 6.10.7 installation.
Now my TACACS authentications are not appearing in the access tracker.
I can see the counters in the services increasing.
All Radius requests are normal in the access tracker.

I have checked on my Fortigate and monitored traffic and I can see the Tacacs request being answered by CPPM.

The authentication is also working as expected.

Best regards,
Rob Hassing