Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Guest MAC Authentication Reject

This thread has been viewed 10 times

  • 1.  Guest MAC Authentication Reject

    Posted Nov 16, 2016 07:43 AM

    Some guests are able to login, others aren't.

     

    In the logs I see the following:

     

    2016-11-16 13:08:43,904[AuthReqThreadPool-6-0x7fcb22359700 r=R000846cd-01-582c4c4b h=26] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =SELECT
    2016-11-16 13:08:43,904[AuthReqThreadPool-6-0x7fcb22359700 r=R000846cd-01-582c4c4b h=26] ERROR ExtDB.DBQuery - execute: Failed to construct filter=SELECT
    2016-11-16 13:08:43,904[AuthReqThreadPool-6-0x7fcb22359700 r=R000846cd-01-582c4c4b h=26] ERROR ExtDB.DBQuery - Failed to get value for attributes=AccountEnabled, AccountExpired]
    Error Message:
    User authentication failed
     Alerts for this Request  
    Policy serverFailed to construct filter=SELECT
    CASE WHEN expire_time is null or expire_time > now() THEN 'false'
    ELSE 'true'
    END AS is_expired,
    CASE WHEN enabled = true THEN 'true' ELSE 'false' END as is_enabled
    FROM tips_guest_users
    WHERE ((guest_type = 'USER') AND (user_id = '%{Endpoint:Username}') AND (app_name != 'Onboard')).
    Failed to get value for attributes=[AccountEnabled, AccountExpired]
    RADIUS[Endpoints Repository] - localhost: User not found.
    MAC-AUTH: MAC Authentication attempted by unknown client, rejected.


  • 2.  RE: Guest MAC Authentication Reject

    Posted Nov 18, 2016 04:58 AM

    Hi,

     

    Have you confirmed that the user trying to MAC auth is in the endpoint respository?

     

    Cheers

    James



  • 3.  RE: Guest MAC Authentication Reject

    Posted Jan 18, 2018 08:28 AM
      |   view attached

    PLS help - some problem.

    Some users don`t  give access.

    In guest portal: "policy definition error: unknown mode '%1'"

    in clear pass policy manager :

    Policy serverFailed to construct filter=SELECT
    CASE WHEN expire_time is null or expire_time > now() THEN 'false'
    ELSE 'true'
    END AS is_expired,
    CASE WHEN enabled = true THEN 'true' ELSE 'false' END as is_enabled
    FROM tips_guest_users
    WHERE ((guest_type = 'USER') AND (user_id = '%{Endpoint:Username}') AND (app_name != 'Onboard')).
    Failed to get value for attributes=[AccountEnabled, AccountExpired]
    RADIUS[Endpoints Repository] - localhost: User not found.
    MAC-AUTH: MAC Authentication attempted by unknown client, rejected.