Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Unable to login to CP Guest with Operator account

This thread has been viewed 6 times

  • 1.  Unable to login to CP Guest with Operator account

    Posted Jun 03, 2014 08:57 AM

    I am unable to login to CP Guest with an operator account.  Fails with incorrect username or password error.

    The operator account is not LDAP.


    1. clearpass-operator.JPG

    Any help/suggestions would be recommended, or if anyone has any specific examples of the Mapping Rules for an operator login, I would be grateful.

    Thanks.



  • 2.  RE: Unable to login to CP Guest with Operator account

    EMPLOYEE
    Posted Jun 03, 2014 09:04 AM

    Did you create a TACACS enforcement profile that returns the role name to ClearPass guest?

     

    engineering-profile.PNG



  • 3.  RE: Unable to login to CP Guest with Operator account

    Posted Jun 03, 2014 09:18 AM

    Hi,

     

    I didn't have any Enforcement Profiles set.

    I have tried the TACACS template you have suggested; but this is still failing - under the Enforcement Profile options for Service Attributesthere is no Engineering profile listed - just Super Admin downto API Admin (don;t know if that indicates anything in particular that is wrong).

     

    I've tried applying the default Receptionist role to the user that I created - to try and isolate what is not working; and this still failsw ith same error.

     

     



  • 4.  RE: Unable to login to CP Guest with Operator account

    EMPLOYEE
    Posted Jun 03, 2014 11:56 PM
    What is the error you are getting?


  • 5.  RE: Unable to login to CP Guest with Operator account

    Posted Jun 04, 2014 04:04 AM

    Hi,

     

    The process that I am trying to follow to login to Clearpass Guest is to connect to https://<ip address>/tips/welcome.action

    This then presents me with CPPM, CP Guest, CP OnB+W and CP Insight.

    If I select the CP Guest option and try to login using the OPERATOR LOGIN form, I get Invalid Username or Password

     

     

    clearpass-loginerror.JPG

     

    I have now realised that I have the same problem with the admin account on Clearpass.

    If I login to CPPM as admin and then launch CPG I do not get prompted for a username\password and get logged in - I have been doing this without error (through sheer luck).

    If I try and launch CPG from the welcome.action form (and not login to CPPM first) I get the same problem as with the operator accounts I have tried to setup.

     



  • 6.  RE: Unable to login to CP Guest with Operator account

    EMPLOYEE
    Posted Jun 04, 2014 04:07 AM
    Is there an error in access tracker when you try to log in?


  • 7.  RE: Unable to login to CP Guest with Operator account

    Posted Jun 04, 2014 04:50 AM

    Yep, there is an entry in Access Tracker log

     

    Error Code:          204

    Error Category:   Authentication failure

    Error Message:  Failed to classify request to service



  • 8.  RE: Unable to login to CP Guest with Operator account
    Best Answer

    EMPLOYEE
    Posted Jun 04, 2014 04:53 AM
    It means that you either don't have a service defined or it's been disabled or deleted.

    There should be one in there by default for guest operator.


  • 9.  RE: Unable to login to CP Guest with Operator account
    Best Answer

    Posted Jun 04, 2014 05:53 AM

    All problems, for Operator and admin have been resolved.

    Navigated to CPPM > Configuration > Services and then need to enable both (not one) of the following:

    Policy Manager Admin Network Login Service           Type=TACACS

    Guest Operator Logins                                                   Type=Application

     

    Many thanks for all input into investigating this problem.