AAA, NAC, Guest Access & BYOD


Management user in Aruba controller not receiving correct privilege level via TACACS authentication 

Jan 03, 2018 06:30 AM

Problem:

Management user in Aruba controller not receiving correct privilege level via TACACS authentication



Diagnostics:

The management user does not receive the appropriate role/privilege when authenticating against ClearPass using TACACS.

 

From the CLI of the controller, when we check the privilege level for user: test, we see that root access is provided. From the ClearPass Access Tracker log, we see that read-only access is returned.

 

 

From the pcap, we see that the authentication is successful, but we do not see any TACACS authorization request from the Aruba controller to obtain the appropriate privilege level for the management user: test.

To enable TACACS authorization for the TACACS server in the controller, navigate to Security > Authentication > Servers. Under TACACS server, select the server configured for TACACS authentication and enable "Session Authorization".

 

From the pcap, we can now see that a TACACS authorization request is sent from the Aruba controller and ClearPass returns the appropriate privilege level to the management user: test.

 

From the CLI of the controller, we can now see user: test getting the correct privilege level: read-only.
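
The pcap check described above can be scripted. The following is an added example, not part of the original article: it reads only the cleartext 12-byte TACACS+ header (RFC 8907), so it works even when the packet body is obfuscated with the shared secret. The function names and the sample streams are constructed for illustration and assume you have already extracted the TCP/49 payloads from the capture.

```python
import struct
from collections import Counter

# TACACS+ header (RFC 8907): version, type, seq_no, flags, session_id, length
HEADER = struct.Struct("!BBBBII")
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}


def iter_headers(stream: bytes):
    """Yield (type_name, seq_no, session_id) per TACACS+ packet in one TCP stream."""
    offset = 0
    while offset + HEADER.size <= len(stream):
        version, ptype, seq_no, _flags, session_id, length = HEADER.unpack_from(stream, offset)
        if version >> 4 != 0xC or ptype not in TYPES:
            raise ValueError(f"not a TACACS+ header at offset {offset}")
        yield TYPES[ptype], seq_no, session_id
        offset += HEADER.size + length  # skip the (usually obfuscated) body


def count_requests(streams):
    """Count sessions opened per type; seq_no 1 is always the client's first packet."""
    counts = Counter()
    for stream in streams:
        for type_name, seq_no, _sid in iter_headers(stream):
            if seq_no == 1:
                counts[type_name] += 1
    return counts


def authorization_skipped(streams):
    """True when logins were authenticated but no authorization request was sent."""
    counts = count_requests(streams)
    return counts["authentication"] > 0 and counts["authorization"] == 0


def _pkt(ptype, seq_no, session_id, body_len):
    # Constructed packet: real header layout, zero-filled placeholder body.
    return HEADER.pack(0xC0, ptype, seq_no, 0, session_id, body_len) + bytes(body_len)


# Constructed sample streams (one item per direction of a TCP/49 connection).
BEFORE = [_pkt(1, 1, 0x1111, 30), _pkt(1, 2, 0x1111, 6)]
AFTER = BEFORE + [_pkt(2, 1, 0x2222, 40), _pkt(2, 2, 0x2222, 25)]

if __name__ == "__main__":
    for label, capture in (("before", BEFORE), ("after", AFTER)):
        print(label, dict(count_requests(capture)), "skipped:", authorization_skipped(capture))
```

A result of `skipped: True` matches the first capture in this article: the login is authenticated, but the privilege level returned by ClearPass is never requested by the controller.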



Solution

The "Session Authorization" option needs to be enabled on the TACACS server configured in the Aruba controller.
