Security

last person joined: 19 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

False Role on Clearpass

This thread has been viewed 0 times

  • 1.  False Role on Clearpass

    Posted Apr 26, 2016 01:37 AM

    Hi !

     

    I have install clearpass and integrated with AD.

     

    I have 3 group IT, Finance, and block.

    When i connect with user of IT Group i got IT Role

    When i Connect with user of Finance Group I got Finance Role

    And When i connect with user of Block Group or other i have to Deny, but Right now i got Finance Role,

     

    I configure the Services like bellow :

    Screenshot (46).png

     

    Kindly need your help

     

    Thank you in advance



  • 2.  RE: False Role on Clearpass

    Posted Apr 26, 2016 06:16 AM
    Can you take a snapshot of access tracker and your role mapping

    Sent from Outlook for iPhone


  • 3.  RE: False Role on Clearpass

    Posted Apr 26, 2016 06:52 AM
      |   view attached

    Screenshot (47).pngScreenshot (49).png



  • 4.  RE: False Role on Clearpass
    Best Answer

    EMPLOYEE
    Posted Apr 26, 2016 07:26 AM
    Change rule #2 to be an AND


  • 5.  RE: False Role on Clearpass

    Posted Apr 26, 2016 08:15 AM

    Screenshot (50).pngScreenshot (51).png

    i was change it, but Right now Group IT Can't Connect

     

    Group Finance connected



  • 6.  RE: False Role on Clearpass

    EMPLOYEE
    Posted Apr 26, 2016 08:22 AM
    What does the alerts tab show?



    Also, I would just remove the UserDN EXISTS rule. It doesn't add anything.


  • 7.  RE: False Role on Clearpass
    Best Answer

    Posted Apr 26, 2016 08:58 AM
    The role mapping rule evaluation change it to "all matches" instead "first applicable"