ClearPass Policy Manager Login with Active Directory

I've always logged in to the Policy Manager using a local administrator account.

I then read up on how to configure login using my AD credentials, using a copy of the Policy Manager Admin Network Login Service.

However, I noticed that my Policy Manager Admin Network Login Service isn't actually enabled according to my service list.

 

If so - what's processing my login? In the event viewer my login is sourced from Policy Manager UI.

 

Re: ClearPass Policy Manager Login with Active Directory

If you type the admin password incorrectly, does it show in the access tracker then?


Cheers
James
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
Re: ClearPass Policy Manager Login with Active Directory

In the attachment I send you an example of the service configuration as I used in my HomeLAB.

 

Please note that when you log in to CPPM with the local "admin" account there is no service for that; it always works regardless of hitting any service or service configuration issue.

 

Hope this helps you!

 

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post useful? Kudos are welcome.
Re: ClearPass Policy Manager Login with Active Directory

At present, are you logging in as local admin or using your AD credentials?




ACMP / ACSP / ACCP / ACEP / ACDX # 663
CCIE R/S - 37956
Re: ClearPass Policy Manager Login with Active Directory

So if I type in the admin password incorrectly, it shows a Reject in Access Tracker with no Service attached to it:

 

Error Category: Authentication failure
Error Code: Failed to classify request to service
Tacacs server ServiceClassification failed, reason=PolicyServer returned empty service

 

If I type in the admin password correctly, it doesn't show up in Access Tracker, but I do get an INFO level event in the Event Viewer that admin has logged in.

 

I did follow the process here, https://blogs.arubanetworks.com/solutions/clearpass-operator-login-with-active-directory/, and AD Authentication works - I'm just confused as to where the original local admin login is being processed, unless it's something that happens regardless of the services defined.

 

Re: ClearPass Policy Manager Login with Active Directory

Local admin login is an internal process of CPPM and always works; there is no service for that.

If the local admin password does not match the local admin account, it “tries” the TACACS service if the account matches an AD account. That's why it hit your service on a password mismatch.

 

The local admin account always works, so when you make a configuration fault in your services you are not locked out.

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post useful? Kudos are welcome.