Security

I am trying to create a profile for Chromebooks but they do not seem to return the attribute for Chrome OS as I expect.

I receive this Alert on failure:

Policy server	Failed to get value for attributes=[Category, Device Name]
RADIUS	[Endpoints Repository] - localhost: User not found. Applied 'Reject' profile

The Role mapping looks like this:

(Authorization:[Endpoints Repository]:Device Name  CONTAINS  Chrome OS)



Profiling is enabled on the service.

Is there a way to classify Chromebooks so I can apply a role to them?

Are those company own chromebooks ?

Do you add the ClearPass server as a DHCP relay under the data VLAN you are expecting to see the chrome devices ?

Get Outlook for iOS

Yes Company Owned

Yes DHCP helper set in the scope for that VLAN on the controller to Clearpass.

In order for ClearPass to obtain the profile information the device needs to be able to obtain an IP address first.

You can use the profiler option in your service and if the device is not profiled (Endpoint DB) then you can place the device in a (temporary VLAN with a session timeout) just to allow the device to get an IP address and Clearpass is able to get the profile information.

The other option is to use the google admin console as an MDM solution to grab all the chromebooks currently managed through google admin console and dumps it in the endpoint database
http://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.5.3/Content/PriorNew/OldNew_MDM.htm

https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Handling-Chromebooks/m-p/261849




Get Outlook for iOS

I see that makes a lot of sense. Thanks!