Security

Reply
Contributor I

Clearpass - Strip Username Rule Challenge

Airheads,

 

I've ran into an issue when I strip the domain if the users enter their full e-mail address in the authentication form in a captive portal. I'm using the "user:@" strip rule which works fine for AD authentication source but the full e-mail username is needed for Clearpass guest auth source accounts. With this strip rule active users can't login with guest accounts. I don't have the luxury of disabling the rule since some AD users still use their full e-mail to authenticate at times.

 

Anyone have any ideas of how to solve this challenge? I thought that I could possibly use @ouraddomain as separator for AD users but that does not appear to be allowed.

 

Thanks,

Peter

 

Guru Elite

Re: Clearpass - Strip Username Rule Challenge

I have run into this and solved it by using a separate employee web login page with two different services. You can key off the page name in the service rules.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: