Community Home > Discuss > Technology > Security > Re: TACACS on Clear Pass -Authentication privilege...

Security

Reply
justink84
Contributor II
justink84

Re: TACACS on Clear Pass -Authentication privilege level mismatch

‎04-30-2019 09:42 AM

Hi alexsuoy,

 

Its probably not the right thread, but I didn't have any issues with having a $ in the end of the username.

 

I could also only find permitted characters for user/pass when binding clearpass to AD. I was not able to find anything obvious that involved LDAP authorizaiton with AD. 

 

ad-bind-permitted-characters.png

I was able to perform a manual ldap query in the AD server, this worked as expected. I could also see the memberOf info. 

 

user-dollarsign-ldap-query.png

 

I have also included TACACS Policy Manager authorization info for the same user account. 

 

access-tracker-authorization.png

 

You may want to check the LDAP servers to ensure they have the correct data and are syncing. Not sure if you are defining them as FQDN / IP / or domain in the address section for the LDAP server. 

 

I would also recommend try a manual query.

Auth Server => Attributes => "Select" Authentication => "Select" Attributes "tab" => Enter Username.  

 

Justin Kwasnik | ACMX# 598 | ACCX# 638
Alert a Moderator
Message 11 of 13
426 Views
Reply
0 Kudos
Highlighted
MVP Expert
MVP Expert
alexsuoy

Re: TACACS on Clear Pass -Authentication privilege level mismatch

‎05-01-2019 12:54 AM

Thanks for the above. the priv level missmatch seems to have morph'd into a being unable to assign a user role based upon checking for username membership of an AD group . Works for lot of other groups ... works on my dev server .... doesnt work on my prodn one .... Must be something thats staring me in the face  but cxanl;t see it at the moment :-(

 

A

Alert a Moderator
Message 12 of 13
407 Views
Reply
0 Kudos
justink84
Contributor II
justink84

Re: TACACS on Clear Pass -Authentication privilege level mismatch

‎05-03-2019 09:20 AM

Your welcome.

 

I did not have theprivledge level mismatch issue on 6.8.0 with custom admin rights. In the past I had only seen this when you create custom admin privledges, in combination to AD users. 

 

If you had used the default admin privledges and AD users. I never seemed to obtain this error with previous releases. 

Justin Kwasnik | ACMX# 598 | ACCX# 638
Alert a Moderator
Message 13 of 13
327 Views
Reply
0 Kudos
Search Airheads
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2019 Hewlett Packard Enterprise Development LP
All Rights Reserved.
Powered by Lithium