Security

last person joined: 18 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Timeout issues using MariaDB as an Auth Source

This thread has been viewed 0 times

  • 1.  Timeout issues using MariaDB as an Auth Source

    Posted Jul 18, 2019 06:40 AM

    Hey guys,

     

    Long time user, first time poster :)

     

    We just purchased Clearpass and are looking to tie it to our MariaDB server for 1 source of authentication. Everything is working except when the MariaDB server decides to close its connection after the timeout value is exceeded. At that time, MariaDB sends a close connection acknowledgement that Clearpass ultimately ignores, then the next client that tries to auth against it on each Clearpass server (we have 6) Clearpass comes back with a message "Server has went away" and fails the authentication. During that transaction, it reestablishes the connection with MariaDB and is available for the following client. Ultimately, if our timeout value is set to 12 hours, we will have 6 false "rejects" every morning.

     

    Default value and best practice for MariaDB is a connection timeout of 8 hours from what I am being told. TAC has come back at this point and said that since Clearpass is the client of the server, there is nothing they can do and that there is no setting to force Clearpass to reestablish a connection without a client requesting authentication.

     

    I know there are people out there using MariaDB as an auth source for Clearpass, has anyone experienced this issue? Is there anything on the MariaDB side we can adjust? I am being told we cannot leave the connection open indefinitely, and I would have to agree that cleaning up a connection on a regular basis is probably a good thing.

     

    Any thoughts would be helpful. Thanks!



  • 2.  RE: Timeout issues using MariaDB as an Auth Source

    EMPLOYEE
    Posted Jul 19, 2019 05:35 AM

    We need to check logs after db connection closed whether Clearpass establishing connection with the MariaDB in same radius auth request or taking multiple auth request  to establish connection.

     

    Currently we dont have option to keep connection alive in CPPM



  • 3.  RE: Timeout issues using MariaDB as an Auth Source

    Posted Jul 19, 2019 06:31 AM

    Thank you for the response.  

     

    I do have all the TAC logs that I forwarded.  If you want to take a look I can send them over. My case has been escalated so I am hoping some kind of a solution comes from it.

     

    I was really hoping a customer has already ran into this and has the simple solution on the MariaDB config but it is not looking good so far :)