Security

last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

MM Upgrade from 8.3.0.4 to 8.4.0.0 breaks login authentication

This thread has been viewed 0 times

  • 1.  MM Upgrade from 8.3.0.4 to 8.4.0.0 breaks login authentication

    Posted Jan 09, 2019 02:53 PM

    Anyone else had an issue after 8.4.0.0 upgrade getting loggged back into the MM? I'm likely going to open a TAC case on it...Can't find my local account login either sadly.



  • 2.  RE: MM Upgrade from 8.3.0.4 to 8.4.0.0 breaks login authentication

    EMPLOYEE
    Posted Jan 09, 2019 03:18 PM

    Were you using a radius or TACACS server to authenticate management users before the upgrade?  If yes, do you see any hits on that server?



  • 3.  RE: MM Upgrade from 8.3.0.4 to 8.4.0.0 breaks login authentication

    Posted Jan 09, 2019 03:59 PM

    Yes, were are using clearpass. Yes, I see reject messages for the MMs. What would have changed oon the MM to cause this?



  • 4.  RE: MM Upgrade from 8.3.0.4 to 8.4.0.0 breaks login authentication

    EMPLOYEE
    Posted Jan 09, 2019 04:42 PM

    You have the reject messages.  Please compare them to previous accept messages to see what difference there is.  It could be something specific to your situation...



  • 5.  RE: MM Upgrade from 8.3.0.4 to 8.4.0.0 breaks login authentication

    MVP EXPERT
    Posted Jan 11, 2019 07:19 PM
    Just for your info. I did update my mm from 8.3 to 8.4 couple of weeks ago. My tacacs login just works fine after the upgrade. What do you see in the clearpass accesstrack logging?


  • 6.  RE: MM Upgrade from 8.3.0.4 to 8.4.0.0 breaks login authentication
    Best Answer

    MVP EXPERT
    Posted Jan 11, 2019 07:19 PM
    Just for your info. I did update my mm from 8.3 to 8.4 couple of weeks ago. My tacacs login just works fine after the upgrade. What do you see in the clearpass accesstrack logging?


  • 7.  RE: MM Upgrade from 8.3.0.4 to 8.4.0.0 breaks login authentication
    Best Answer

    Posted Jan 28, 2019 09:53 AM

    Problem Resolution:

    * After the controller upgrade clients were failing admin authentication
    * authentiation was failing with service categorization failure 
    * found that the controller upgrade has caused NAS port type to change to 0
    * before the upgrade NAS port type was 5 and the services was configured for the port type
    * but after the upgrade, the port type as changed and that has caused this 
    * modified the service configuration as per the latest attributes "Less then or equal" to 5 vs "equal to"
    * then checked and it is working as expected.

     

    So anyone from the controller team know why the NAS port type was changed in 8.4.0.0 release?