Security

Reply
Contributor II

Re: One group of users accessing multiple mactrac pages

 

This is a total clearpass mactrac failure.

 

I have lots of 25k hardware clearpass, very expensive equipment, more than 100 thousand dollars, but it will not allow one group of users be able to access multiple mactrac pages is a junk! 

Guru Elite

Re: One group of users accessing multiple mactrac pages

I have customers running with this configuration without issue.

You should consider working with your ClearPass partner.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: One group of users accessing multiple mactrac pages

I've been working with aruba tac since 1 year ago and nobody was able to provide a solution. 

 

1 year passed and still it does not work.

 

Contributor II

Re: One group of users accessing multiple mactrac pages

If you are telling the truth, what is your Rules Evaluation Algorithm? post your setup, from enforcement to operator login profile, rules and mactrac pages. 

 

 

 

Guru Elite

Re: One group of users accessing multiple mactrac pages

Have you worked with your Aruba / ClearPass partner?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: One group of users accessing multiple mactrac pages

I've been working with aruba support since 1 year ago and nobody was able to provide a solution. 

 

1 year passed and still it does not work. So I am frustrated using clearpass, it cost us more than 100 thousand dollars and this feature does not work.

 

Guru Elite

Re: One group of users accessing multiple mactrac pages

I've explained it in 3 different posts.

I'll summarize again here:

ENFORCEMENT POLICY:
RULE 1
Authentication:Full-Username ENDS_WITH @value1.xyz
ENFORCEMENT PROFILES:
admin_privileges = CPG-Operator-Profile-Name

RULE 2
Authentication:Full-Username ENDS_WITH @value2.xyz
ENFORCEMENT PROFILES:
admin_privileges = CPG-Operator-Profile-Name

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: One group of users accessing multiple mactrac pages

Sending single role "CPG-Operator-Profile-Name" to access page1 or page2 will default to page1 only.  

Guru Elite

Re: One group of users accessing multiple mactrac pages

Right. When you log in with #2, you'll get page #2.


Thanks,
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: One group of users accessing multiple mactrac pages

In your "Operator Logins" enforcement, what is the "Rules Evaluation Algorithm:". is it "select first match" or " evaluate all"?

 

Did you create 2 separate operator roles? role1 and role2? 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: