Occasional Contributor II

Role Mapping not catching a user who is memberOf a group

CN=GLB-xxxxxx shows up under their authorization in the failure message and that's what we key off of.  Only difference between this user and me is that in the authorization on the logs the group shows up under Group and memberOf.

Have tried keying his off memberOf or Group and it does not matter, he just does not match.

Rule is Authsource-AD, memberOf, equals, GLB-xxxxxx

Guru Elite

Re: Role Mapping not catching a user who is memberOf a group

Are they in a nested group?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Role Mapping not catching a user who is memberOf a group

Is there an easy way to tell from the ClearPass auth failure message under auth attribs?

Guru Elite

Re: Role Mapping not catching a user who is memberOf a group

You'd want to look in AD.

Guru Elite

Re: Role Mapping not catching a user who is memberOf a group


Bruha wrote:

CN=GLB-xxxxxx shows up under their authorization in the failure message and that's what we key off of.  Only difference between this user and me is that in the authorization on the logs the group shows up under Group and memberOf.

Have tried keying his off memberOf or Group and it does not matter, he just does not match.

Rule is Authsource-AD, memberOf, equals, GLB-xxxxxx


The MemberOf attribute is a string.  Please use contains instead of equals to attempt to match any part of that string.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
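
Added example, not part of the original thread: a small Python model of why `equals` against a bare group name never matches a memberOf DN string, and how the operand chosen for `contains` decides whether a similarly named group also receives the role. The users, DNs and OUs are constructed, and the two operators are modelled as plain string equality and substring tests (an assumption about how the policy engine compares strings).

```python
import re

# Constructed directory data: user names, OUs and domain are illustrative.
USERS = {
    "alice": ["CN=GLB-xxxxxx,OU=Groups,DC=example,DC=com"],
    "bob": ["CN=GLB-xxxxxx-Contractors,OU=Groups,DC=example,DC=com"],
    "carol": ["CN=Staff,OU=Groups,DC=example,DC=com"],
}

def rule_equals(values, operand):
    """Whole-string comparison, as in the rule that never matched."""
    return any(v == operand for v in values)

def rule_contains(values, operand):
    """Substring comparison, as suggested in the reply above."""
    return any(operand in v for v in values)

# First RDN of a DN; "\," is an escaped comma inside the CN value.
_CN = re.compile(r"^CN=((?:\\.|[^,\\])+)", re.IGNORECASE)

def leading_cn(dn):
    """Return the CN of the first RDN, or None if the DN does not start with CN=."""
    m = _CN.match(dn)
    return m.group(1) if m else None

def rule_cn_is(values, group):
    """Match only when the group's own CN is `group` (compared case-insensitively)."""
    return any((leading_cn(v) or "").lower() == group.lower() for v in values)

def matches(rule, operand):
    """Names of the constructed users that the rule would map to the role."""
    return sorted(u for u, groups in USERS.items() if rule(groups, operand))

if __name__ == "__main__":
    checks = [
        ("equals   GLB-xxxxxx", rule_equals, "GLB-xxxxxx"),
        ("contains GLB-xxxxxx", rule_contains, "GLB-xxxxxx"),
        ("contains CN=GLB-xxxxxx,", rule_contains, "CN=GLB-xxxxxx,"),
        ("CN is    GLB-xxxxxx", rule_cn_is, "GLB-xxxxxx"),
    ]
    for label, rule, operand in checks:
        print(f"{label:26} -> {matches(rule, operand)}")
```

Anchoring the `contains` operand with the `CN=` prefix and the trailing comma keeps the rule from also matching groups whose names merely start with the same text.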
Occasional Contributor II

Re: Role Mapping not catching a user who is memberOf a group

Thanks, I've been beating my head against this for a while.  I did not even consider that a possibility.


Guru Elite

Re: Role Mapping not catching a user who is memberOf a group

I'd wear a helmet, if I were you ;)

