EAPTLS Certificate information in Access Tracker?

We are using EAP/TLS on our network back-ended by ClearPass.

One of our ClearPass rules compares (Certificate:Subject-CN EQUALS %{Radius:IETF:User-Name}). When this breaks - we know we have a problem...

However, it would be *really* nice to have Certificate:Subject-CN in the Computed Attributes of an Access Tracker request detail.

Is there any way to make this happen?

Benjamin J. Higgins (’97)
Worcester Polytechnic Institute

Re: EAPTLS Certificate information in Access Tracker?

I'm not following the question. Both the CN and DN are already present.

 


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: EAPTLS Certificate information in Access Tracker?

Thank you @Tim for assistance off post. The answer is:

The client certificate isn’t sent to ClearPass until EAP-TLS is negotiated. In this case, the EAP method hasn’t been negotiated which usually means there is a client configuration issue.

Authentication:OuterMethod    EAP

Authentication:Status    Failed

Benjamin J. Higgins (’97)
Worcester Polytechnic Institute