Security

Reply
Contributor I

ClearPass MAB EAP-MD5 with MSSQL

Ciao,

Do you know if it's possible to autenticate mac-address using MSSQL when the switch uses EAP-MD5 as protocol?

Thanks

Guru Elite

Re: ClearPass MAB EAP-MD5 with MSSQL

Evaluate the MAC address during the authentication phase. For the authentication phase, do an Allow All MAC Auth.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: ClearPass MAB EAP-MD5 with MSSQL

Not the [EAP MD5] ???

 

Guru Elite

Re: ClearPass MAB EAP-MD5 with MSSQL

If the switch can only do EAP-MD5, you'll need to do this workaround.

 

  1. Extract and Import the attached static host list.
  2. Create a new Static Host List authentication source and select the SHL previously imported
  3. Use this as the auth source along with [EAP MD5] as the method
  4. Add the SQL auth source as an additional authorization source

 

Screen Shot 2018-04-26 at 11.37.38 AM.png

 


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
SRM
Occasional Contributor I

s

 
Contributor I

Re: ClearPass MAB EAP-MD5 with MSSQL

Thanks Tim

However now I've this error regarding authorization. I attach the logs and SQL  cfg

Guru Elite

Re: ClearPass MAB EAP-MD5 with MSSQL

1) Your query for MAC address should be %{Connection:Client-Mac-Address} instead of username

2) Does the query work when you test in the attribute builder?


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: