  • 1.  $ showing up on machine authentication username

    Posted Feb 12, 2025 01:31 PM

    The setup uses EAP-TEAP, which works as desired. This appears to be cosmetic.

    ClearPass shows the machine name with a "$" at the end of the string, but the $ does not appear in the certificate. It does not append this character to the user certificates.

    Has anyone seen this behavior, and is there a way to strip the $?



  • 2.  RE: $ showing up on machine authentication username

    Posted Feb 12, 2025 02:11 PM

    Return the desired username as part of the RADIUS accept.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: $ showing up on machine authentication username

    Posted Feb 12, 2025 02:48 PM

    Is there a way to do regex conditions on an enforcement profile to strip characters?




  • 4.  RE: $ showing up on machine authentication username

    Posted Feb 12, 2025 03:04 PM

    You'd need to use a query against an auth source to do so.  Easier to find the value you want in the computed attributes and return that as the username, if such exists.

    The $, based on https://arubanetworking.hpe.com/techdocs/NAC/tech-corner/teap/#create-enforcement-profiles-and-policies, is expected.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: $ showing up on machine authentication username

    Posted Feb 13, 2025 12:15 AM

    You can strip the "$" from the username by modifying the authentication source setting:

    Go to ClearPass Policy Manager -> Configuration -> Authentication -> Sources.
    Select your authentication source (Active Directory)
    In the Attributes tab, create a filter using Regex to remove or replace the "$" in the username.

    You can do something like: (sAMAccountName={{User-Name}}) or (sAMAccountName={{User-Name | regex_replace:"\$",""}})



    ------------------------------
    Shpat | ACEP | ACMP | ACCP | ACDP |
    -Just an Aruba enthusiast and contributor by cases-
    ------------------------------



  • 6.  RE: $ showing up on machine authentication username

    Posted Feb 13, 2025 08:02 AM

    Thanks Shpat. I'll save the regex option for authentication sources in my toolbox of tricks.

    I don't think it helps with my current setup because we aren't doing authorization against the device certificate, only authenticating it against the trust chain. It is a cosmetic concern for now, but if it becomes a bigger issue we may need to build in authorization against Intune to pull the device name.

    Thanks everyone for your replies.   They are appreciated!