Security

Reply
Highlighted
Contributor II

Clearpass Guest Device Sponsor Name

Hi,

 

I have a MacTrac service that allows end users to create their own devices. I have a web auth service that catches these created devices but I'm struggling to check if the sponsor name exists within AD.

 

When I use the following mapping:

 

(Authorization:[Guest Device Repository]:SponsorName  EXISTS   )

 

I see the AccountStatus, RemainingExpiration and SponsorName attributes to match against.

 

Untitled.png

 

With this in mind I have created the following AD filter and added AD to my list of authorization sources.

 

Filter Name: Sponsor Name Check

Filter Query: (&(objectClass=user)(sAMAccountName=%{Authorization:[Guest Device Repository]:SponsorName}))

Name:memberOf, AliasName:Sponsor Name AD Group, DataType:String

 

When I map against the following I don't get any authorization attributes from the AD source

 

(Authorization:Active Directory:Sponsor Name AD Group  EXISTS   )

 

Any ideas on where I might be going wrong?

 

Cheers

Shaun

Highlighted
Moderator

Re: Clearpass Guest Device Sponsor Name

Do you have that AD authentication source as an additional authorization source in your service?

 

Also, better to use UserDN EXISTS.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor II

Re: Clearpass Guest Device Sponsor Name

As ever Tim thanks for the reply,

 

AD is definatley in as an authorization source.

 

This is what I see when I use UserDN Exists,

 

Untitled.png

 

Any ideas?

 

Cheers

Shaun

Highlighted
Moderator

Re: Clearpass Guest Device Sponsor Name

Test it by putting the same username in the field on the Attributes tab of the Authentication filter of the authentication source.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor II

Re: Clearpass Guest Device Sponsor Name

Sorry I could not get this to work but instead I'm using the following you sorted for someone else.

 

http://community.arubanetworks.com/t5/Security/Using-ClearPass-guest-device-registration-for-additional/m-p/311814

 

The SQL for the Role ID works very well for my specific purpose so I'm happy downing tools on the AD/SponsorName side of things.

 

Thanks again for your help

 

Cheers

Shaun

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: