Security

Reply
Frequent Contributor I

Clearpass Guest Devices

Hi all,

 

I,m looking into MPSK for a customer so I followed the instructions as in https://community.arubanetworks.com/t5/Security/Setting-up-MPSK-for-headless-IoT-devices/td-p/522858 

We still need to test the functionality but when I log in Clearpass Guest with a devices operator login, I'm not able to manage a device, although it's set to full access in the operator profile,

you see the line move but the edit icons etc are not showing. I tried multiple browsers whit no effect. I can Create a device just fine.

When logged on with a CPPM superadmin account, all the funtionality is there.

 

Clearpass 6.8.0.1

 

any ideas what else is needed for an operator account to be able to manage devices?

 

thanks

Erik

ACDX#968, ACMP, ACCP, ACSP
MVP Guru

Re: Clearpass Guest Devices

Make sure that the Operator Profile is getting applied properly2019-07-25 10_59_21-ClearPass Policy Manager - Aruba Networks.png2019-07-25 11_00_54-Operator Translation Rules.png

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I

Re: Clearpass Guest Devices

Thanks Victor,

 

could you expand the [Staff Device Registration] admin_privileges please since it's not in the defaults?

 

I had the impression that the Role, assigned to the user was linked to the Operator Profile and adding an Admin Privilage just has Policy Manager UI options, nothing for Guest. Toggling the rights in the Operator Profile makes changes in the UI the user sees. And as stated, manage devices is marked as full.

 

The access tracker shows the role in the admin_privilages application response.

 

rgds, Erik

ACDX#968, ACMP, ACCP, ACSP
New Contributor

Re: Clearpass Guest Devices

Erik,

Have a look at my notes...

Regards Derin

Sent from Mail for Windows 10
Frequent Contributor I

Re: Clearpass Guest Devices

Hi Derin,

 

actual notes might be useful....... Please attach them to your post

 

rgds,

Erik

 

 

ACDX#968, ACMP, ACCP, ACSP
MVP Guru

Re: Clearpass Guest Devices

Erik,

 

This operator profile works for me:

FireShot Capture 009 - Edit Operator Profile (Device Registration) - cppm.arubalab.com.png

And you probably know that if you click the 'three lines menu' on the top-right, in the last line you can see the active operator profile next to your username to validate that the Operator role mapping went fine.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Frequent Contributor I

Re: Clearpass Guest Devices

Thanks Herman,

 

yes it does show the right operator profile there, as does the access tracker.

Testuser login.jpg

The upper mac address is selected in this screenshots but the buttons normally showing underneath are not there.

 

Could you let me know the Clearpass version used for the screen shots please because in the 6.8.0. version this customer is using I don't have an option to toggle Edit Multiple Devices for example; I only have the other 4 in Devices.

 

C

Devices Screenshot.jpg

Culumative Patch 1 for 6.8.0 is not installed yet so maybe that will fix this. Unfortunately some other issue is prefenting us from upgrading right now

 

thanks

Erik

 

 

 

ACDX#968, ACMP, ACCP, ACSP
MVP Guru

Re: Clearpass Guest Devices

Erik,

 

Screenshot was taken from 6.8.1, configuration was done and tested at 6.8.0 before I upgraded.

 

I remember that I had the similar. Devices show up in the list, but if you click them they can't be edited. It had something to do with one of the tick-boxes of rights, just don't remember which one it was. If you side by side copy the profile, I'd think it should work and from there you can your import devices if you need it.

 

In case you find out which permission controls the edit in the Devices list, please post here for others.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted
Frequent Contributor I

Re: Clearpass Guest Devices

Thanks for the pointers Herman,

 

It's selections under Guest Manager that toggles these:

 

Full User Control triggers the Edit button

Remove Accounts triggers the Remove button

Show Details triggers the Show Details button

Change Expiration triggers the Change Experiation button

Edit Multiple Guest Accounts triggers Manage Multiple Devices

Active Sessions triggers the session button but will also open the Guest menu.

 

some of these will also trigger the Print button

 

rgds, Erik

 

ACDX#968, ACMP, ACCP, ACSP
Frequent Contributor I

Re: Clearpass Guest Devices

Thanks Deri, I got it downloaded. The notes are helpful for some other stuff I needed to figure out. See solution to solve the 'not able to delete' warning on slide 6. I go that part of the config working now. 

 

rgds, Erik

ACDX#968, ACMP, ACCP, ACSP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: