Security

Hi all,

I,m looking into MPSK for a customer so I followed the instructions as in https://community.arubanetworks.com/t5/Security/Setting-up-MPSK-for-headless-IoT-devices/td-p/522858 

We still need to test the functionality but when I log in Clearpass Guest with a devices operator login, I'm not able to manage a device, although it's set to full access in the operator profile,

you see the line move but the edit icons etc are not showing. I tried multiple browsers whit no effect. I can Create a device just fine.

When logged on with a CPPM superadmin account, all the funtionality is there.

Clearpass 6.8.0.1

any ideas what else is needed for an operator account to be able to manage devices?

thanks

Erik

Make sure that the Operator Profile is getting applied properly

Thanks Victor,

could you expand the [Staff Device Registration] admin_privileges please since it's not in the defaults?

I had the impression that the Role, assigned to the user was linked to the Operator Profile and adding an Admin Privilage just has Policy Manager UI options, nothing for Guest. Toggling the rights in the Operator Profile makes changes in the UI the user sees. And as stated, manage devices is marked as full.

The access tracker shows the role in the admin_privilages application response.

rgds, Erik

Hi Derin,

actual notes might be useful....... Please attach them to your post

rgds,

Erik

Erik,

This operator profile works for me:

And you probably know that if you click the 'three lines menu' on the top-right, in the last line you can see the active operator profile next to your username to validate that the Operator role mapping went fine.

Thanks Herman,

yes it does show the right operator profile there, as does the access tracker.

The upper mac address is selected in this screenshots but the buttons normally showing underneath are not there.

Could you let me know the Clearpass version used for the screen shots please because in the 6.8.0. version this customer is using I don't have an option to toggle Edit Multiple Devices for example; I only have the other 4 in Devices.

C

Culumative Patch 1 for 6.8.0 is not installed yet so maybe that will fix this. Unfortunately some other issue is prefenting us from upgrading right now

thanks

Erik

Erik,

Screenshot was taken from 6.8.1, configuration was done and tested at 6.8.0 before I upgraded.

I remember that I had the similar. Devices show up in the list, but if you click them they can't be edited. It had something to do with one of the tick-boxes of rights, just don't remember which one it was. If you side by side copy the profile, I'd think it should work and from there you can your import devices if you need it.

In case you find out which permission controls the edit in the Devices list, please post here for others.

Thanks for the pointers Herman,

It's selections under Guest Manager that toggles these:

Full User Control triggers the Edit button

Remove Accounts triggers the Remove button

Show Details triggers the Show Details button

Change Expiration triggers the Change Experiation button

Edit Multiple Guest Accounts triggers Manage Multiple Devices

Active Sessions triggers the session button but will also open the Guest menu.

some of these will also trigger the Print button

rgds, Erik

Thanks Deri, I got it downloaded. The notes are helpful for some other stuff I needed to figure out. See solution to solve the 'not able to delete' warning on slide 6. I go that part of the config working now. 

rgds, Erik