Security

Reply
New Contributor

ClearPass custom RADIUS reply-message(18) based on memberOf

Can anyone think of a way for ClearPass to generate a custom RADIUS reply-message based on a filtered memberOf string for an authenticated user?

 

I am trying to work with a device that can give users options based on what RADIUS returns in the reply-message.  I would like to use the memberOf string from an AD query but in alot of cases that string is longer than the reply-message string.  So I need a way to filter the memberOf string before inserting it to the reply-message.

 

Any ideas?

Guru Elite

Re: ClearPass custom RADIUS reply-message(18) based on memberOf

You can put any ClearPass variable into that reply, the problem is memerOf
returns a lot of different items.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: ClearPass custom RADIUS reply-message(18) based on memberOf

OK, so can I stick the memberOf string in a ClearPass variable and then generate a reply-message based on a query of that variable(string)?


So for example:

memberOf = "CN=Domain Admins, CN=Domain Users, CN=Registered User, CN=VPN Use";

String variable;

If memberOf CONTAINS "CN=Domain Admins" variable +="Domain Admin";

If memberOf CONTAINS "CN=VPN User" variable+="Domain User";

 

Guru Elite

Re: ClearPass custom RADIUS reply-message(18) based on memberOf

It's going to be the raw output. You only add to the beginning or end.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: