Can you share the SQL logic you created to be able to reduce the number of profiles for returning the username?
Sounds like an interesting solution
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Jun 28, 2024 01:31 PM
From: Mflowers@beta.team
Subject: Display hostname on access tracker using TEAP authentication and DUR
I assume you have two different enforcement profiles for user+machine auth and just machine auth?
If so, you need to update your enforcement for the machine auth to send the computer name as the Radius:IETF:User-Name and the user+machine auth to send the user-name as the teap method-2.
In your picture you are sending Radius:IETF:User-Name twice. You have an enforcement profile applied that is trying to send Radius:IETF:User-Name =""
This is causing you an issue because you can not send the same RADIUS attribute with two different values - even if that value is NULL.
I had to work around this same thing - I wish Clearpass had the ability to understand if you had multiple radius values that are NULL and send the one that actually had a value.
I had to create some SQL logic so that I don't have 8 different Return-User-Name enforcement profiles for different reasons.
Original Message:
Sent: Jun 26, 2024 07:37 PM
From: cstathis
Subject: Display hostname on access tracker using TEAP authentication and DUR
Thanks Herman, I applied the second profile and the switch is now showing user name as expected. I am not able to see the hostname in access tracker after a successful TEAP method 1 auth. Any ideas? Ive spent some time on this and now am stuck
------------------------------
Con
Stathis
Original Message:
Sent: Jun 26, 2024 11:40 AM
From: Herman Robers
Subject: Display hostname on access tracker using TEAP authentication and DUR
You would not introduce this to your DUR enforcement profile. In your enforcement policy just apply two different profiles, one for the IETF User-Name, and one for the Role (or Downloadable User Role/DUR).
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jun 26, 2024 03:35 AM
From: cstathis
Subject: Display hostname on access tracker using TEAP authentication and DUR
Team,
Looking for some help here,
I am able to successfully display hostname by adding a "Radius:IETF User-Name = %{Authentication:TEAP-Method-2-Username}" command to the standard clearpass enforcement profile, however, I am unable to see where I can introduce this command to the DUR enforcement profile. Is this possible?
------------------------------
Con
Stathis
------------------------------