Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Ruckus Smart Zone TACACS+ with ClearPass

  • 1.  Ruckus Smart Zone TACACS+ with ClearPass

    Posted Jun 21, 2018 07:39 AM

    Hi guys,

     

    We have one Ruckus Smart Zone 300 (3.6.1) Wireless Controller and one ClearPass (6.7.1) cluster. We would like to use TACACS+ authentication for login.

    I created the TACACS service and so on... But I always get an error and the authentication doesn't work. I attached two screenshots with alerts. I use 3 auth sources, so the auth source alert isn't relevant here. And I attached the Enforcement Profile too. Does anybody have any information on how I should configure the Enforcement Profile?

     



  • 2.  RE: Ruckus Smart Zone TACACS+ with ClearPass

    Posted Oct 12, 2018 10:42 AM

    Were you ever able to figure this out? I'm currently working on TACACS config for Ruckus VSZ-E 5.0 and was hoping to find some reference materials. If I'm not mistaken, from what I've read, the privilege level is not the proper attribute to return to the SmartZones... that was used for the ZoneDirectors.



  • 3.  RE: Ruckus Smart Zone TACACS+ with ClearPass

    Posted Oct 16, 2018 08:26 AM

    Yep, it works for me now with a little compromise. You should configure a local user (on Ruckus) with a realm (e.g. tacacs) and a group (e.g. ReadWrite). I attached screenshots. If these settings are OK, then you should configure a TACACS Dictionary on CPPM with the realm name (e.g. tacacs:ip). You can see it in the attached picture. Then you should create an enforcement profile. It works well, but without the user-name option it doesn't work.

    I would like to handle the user-name dynamically, but it doesn't work with a variable like %{Authentication:Username}

     

    Does anyone have information regarding this? Is ClearPass able to handle variables in TACACS Enforcement Profile attributes?

     

    (Hope it helps)



  • 4.  RE: Ruckus Smart Zone TACACS+ with ClearPass

    Posted Oct 16, 2018 05:08 PM

    Thanks! I'll check out what you sent.  It sounds like they use the username created on the controller as a template for rights.  I had to do something similar when doing TACACS on Juniper switches.