Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass RADIUS Dictionary Import %3A TrippLite SNMPWEBCard Authentication

This thread has been viewed 17 times

  • 1.  Clearpass RADIUS Dictionary Import %3A TrippLite SNMPWEBCard Authentication

    Posted Apr 03, 2014 06:52 PM

    Hello -

    I am trying to tie in a TrippLite SNMPWEB card with ClearPass RADIUS authentication.

    I've imported the dictionary in ClearPass, and have been able to log into my device.  My problem is that ClearPass is not repsonding with the TrippLite attributes that will give read/write access to the device.

    Any thoughts about how this was implemented?

    Here's the implementation:

    ClearPass Policy Manager v6.2.2.56621
    TrippLite SNMPWEBCard Firmware v12.06.0061

     

     


    TrippLite Dictionary requirements in Free Radius format

     

    Tripp_DictionarySample.JPG

     


    TrippLite Dictionary redefined in ClearPass XML

    Tripp_DictionaryImport.JPG

     

     


    TrippLite Dictonary Imported

     

    Tripp_CPPMAttributes.JPG

     


    ClearPass Enforcement Policy

     

    Tripp_CPPMEnforcement.JPG


    Access Tracker Results w/ Radius Response (no TrippLite-Authorization).
    Tripp_Response.JPG

     


    Errors in the access tracker log:

    2014-04-03 16:40:53,622     [RequestHandler-1-0x7f864cbe5700 h=642781 c=R0000000c-01-533de375] ERROR Common.RadiusDictTable - No Dictonary for VendorId = 850
    2014-04-03 16:40:53,622     [RequestHandler-1-0x7f864cbe5700 h=642781 c=R0000000c-01-533de375] ERROR Common.RadiusVendorAttrMap - Invalid attribute Id=1 Vendor=TrippLite
    2014-04-03 16:40:53,622     [RequestHandler-1-0x7f864cbe5700 h=642781 c=R0000000c-01-533de375] ERROR Common.BaseRadiusEnfProfileCacheObj - Failed to insert Vendor=TrippLite attrId=1 Value="default=rw"



    Thanks in advance for any guidance/feedback,




  • 2.  RE: Clearpass RADIUS Dictionary Import %3A TrippLite SNMPWEBCard Authentication
    Best Answer

    MVP
    Posted Apr 04, 2014 10:06 AM

    Did you restart your clearpass (i believe the radius server service is enough) after editing/adding your custom radius dictionary?

    Messing with the dictionaries requires a restart if I remember correctly.



  • 3.  RE: Clearpass RADIUS Dictionary Import %3A TrippLite SNMPWEBCard Authentication

    Posted Apr 04, 2014 06:56 PM

    Thank you.  That did the trick!



  • 4.  RE: Clearpass RADIUS Dictionary Import %3A TrippLite SNMPWEBCard Authentication

    Posted Jul 27, 2023 10:11 AM

         Awesome post here with lots of good info.

         I've added a new attribute to your TrippLite UPS dictionary file:

    <TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
    <TipsHeader exportTime="Wed Apr 02 16:51:19 MDT 2014" version="6.2"/>
    <Dictionaries>
    <Vendor vendorEnabled="true" prefix="TrippLite" name="Radius:TrippLite" id="850">
    <RadiusAttributes>
    <Attribute profile="in out" type="String" name="TrippLite-Authorization" id="1"/>
    <Attribute profile="in out" type="String" name="TrippLite-Outlet-Realms" id="2"/>
    <Attribute profile="in out" type="String" name="TrippLite-Message" id="3"/>
    <Attribute profile="in out" type="String" name="TrippLite-User-Role" id="4"/>
    </RadiusAttributes>
    </Vendor>
    </Dictionaries>
    </TipsContents>

         I've also used a dictionary for APC UPSs.

    <TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
    <TipsHeader exportTime="Wed Jul 26 20:27:11 CDT 2023" version="6.9"/>
    <Dictionaries>
    <Vendor vendorEnabled="true" prefix="APC" name="Radius:APC" id="318">
    <RadiusAttributes>
    <Attribute profile="in out" type="String" name="APC-ACCPX-Access1" id="8"/>
    <Attribute profile="in out" type="String" name="APC-ACCPX-Access2" id="9"/>
    <Attribute profile="in out" type="String" name="APC-ACCPX-Access3" id="10"/>
    <Attribute profile="in out" type="String" name="APC-ACCPX-Access4" id="11"/>
    <Attribute profile="in out" type="String" name="APC-ACCPX-Access5" id="12"/>
    <Attribute profile="in out" type="String" name="APC-ACCPX-Access6" id="13"/>
    <Attribute profile="in out" type="String" name="APC-ACCPX-Access7" id="14"/>
    <Attribute profile="in out" type="String" name="APC-ACCPX-Doors" id="6"/>
    <Attribute profile="in out" type="String" name="APC-ACCPX-Status" id="7"/>
    <Attribute profile="in out" type="String" name="APC-Contact" id="5"/>
    <Attribute profile="in out" type="String" name="APC-Outlets" id="2"/>
    <Attribute profile="in out" type="String" name="APC-Perms" id="3"/>
    <Attribute profile="in out" type="Unsigned32" name="APC-Service-Type" id="1">
    <ValidValues>
    <ValidValue enumOrdinal="1" value="Admin"/>
    <ValidValue enumOrdinal="2" value="Device"/>
    <ValidValue enumOrdinal="3" value="ReadOnly"/>
    <ValidValue enumOrdinal="4" value="Outlet"/>
    <ValidValue enumOrdinal="5" value="Card"/>
    </ValidValues>
    </Attribute>
    <Attribute profile="in out" type="String" name="APC-Username" id="4"/>
    </RadiusAttributes>
    </Vendor>
    </Dictionaries>
    </TipsContents>


    Original Message