Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Failed to get value for attributes=[Device Name]

This thread has been viewed 13 times

  • 1.  Failed to get value for attributes=[Device Name]

    Posted Jul 16, 2014 01:52 PM

    Hi:

    I'm having a problem with Clearpass and certain computers.

    Some computers fail authentication. If I check the "Alert" tab, it says:

    Policy Server: Failed to get value for attributes=[Device Name]

     

    When I check Input - Authorization Attributes"

    it only shows a few attributes: Account Expires, memberOf, and UserDN.

    It does not show the 'device name' attribute.

     

    However, some computers authenticate just fine. Under the  Input - Authorization Attributes" section, those show several more attributes, including Device name.

     

    Why would Clearpass get more attributes from some computers and not others?

     

    I've checked AD replication, and it's fine. I've checked to see if security settings are different between successful and non-successful laptops, and they look identical.

     

    Is this a Clearpass or an AD issue?

     

    Thanks,

    Tony

     



  • 2.  RE: Failed to get value for attributes=[Device Name]

    Posted Jul 16, 2014 02:09 PM

    The device name likely comes from the profiling; not AD.  For those devices that fail, are they "profiled" in the endpoint database?   Do you have a role mapping or enforcement policy that is dependent on that attribute?



  • 3.  RE: Failed to get value for attributes=[Device Name]

    Posted Jul 16, 2014 04:59 PM

    Hi:

    Thanks for the reply.

    This issue seems to have had something to do with the username. The account was good, not locked out, or disabled.

    But I created a new user with the exact same group memberships and permissions, and was able to connect that way.

     

    One of those things to try to figure out at some to-be-determined time in the future.

     

    Thanks again for your help.

    Tony

     



  • 4.  RE: Failed to get value for attributes=[Device Name]

    EMPLOYEE
    Posted Jul 17, 2014 07:57 AM

    Curious - was the device name an attribute passed back from AD in your case?  

     

    You can go into the AD authentication source and see how Clearpass queried for the device name attribute if it exists in your source.

     

    Screenshot 2014-07-17 07.56.13.png



  • 5.  RE: Failed to get value for attributes=[Device Name]

    Posted Jul 17, 2014 10:07 AM

    Hi Seth:

    Thanks for showing me how to check the AD authentication parameters.

    Device Name is not listed there on my CPPM.

     

    I believe that I incorrectly interpreted the data. I thought that the error message of being unable to get the device name was present every time there was a problem. But I've found a few instances where the same error appeared, and the machine authenticated just fine.

    So apparently, it has nothing to do with the problem I was having.

     

    I'm still not 100% sure what my problem was, but creating a new user seems to have cleared it up, at least for that workstation.

     

    I've got an eye on it.

     

    Thanks,

    Tony

     

     

     



  • 6.  RE: Failed to get value for attributes=[Device Name]

    EMPLOYEE
    Posted Jul 17, 2014 07:14 PM

    Are you using Endpoint:Device Name or is it a different attribute from another source?