Frequent Contributor II

Authentication for Management Users via ClearPass

Does anyone have any insight into using ClearPass for Auth of Admin users on the Aruba Controllers.   I have the Radius connection, however the request coming from Aruba Controllers themselves show very different then aruba wireless users coming from a wireless connection.  What details from the radius request do I want to scrutinize on the ClearPass server to determine it is a Aruba Admin Auth request, and then handle properly?




Aruba Employee

Re: Authentication for Management Users via ClearPass

you can use "Service-Type: Administrative-User" as one of the condition to match the respective policy.



can see the sample request attributes :



Jan 29 14:44:29 :124038:  <INFO> |authmgr|  Selected server qasecurity for method=Management; user=shabaresha,  essid=<>, domain=<>, server-group=radius
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:339] Radius authenticate user (shabaresha) PAP using server qasecurity
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1108] :L3 User lookup failed, skipping Aruba-Port-ID
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:53] Add Request: id=140, srv=, fd=74
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:949] Sending radius request to qasecurity: id:140,len:167
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-IP-Address:
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-Port-Id: 0
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-Port-Type: 5
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  User-Name: shabaresha
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:962]  Password: *****
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Calling-Station-Id:
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Called-Station-Id: 000B866D1B60
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Framed-IP-Address:
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Service-Type: Administrative-User
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Aruba-Essid-Name:
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Aruba-Location-Id: N/A
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Aruba-AP-Group: N/A
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  NAS-Identifier: shabaresha
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_server.c:958]  Message-Auth: Yp\265\304\316\212\227\272\310u\346[pIVE
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:76] Find Request: id=140, srv=, fd=74
Jan 29 14:44:29 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:82]  Current entry: srv=, fd=74






Search Airheads
Showing results for 
Search instead for 
Did you mean: