Security

Reply
Highlighted
Contributor I

Username confusion with mactrac

Good afternoon Airheads,

 

We are using mactrac for BYOD device registration in ClearPass Guest and it works brilliantly until the user needs to make a modification or remove their device. 

 

The problem we're having is that users tend to be very inconsistent about using their sAMAccountName or their UPN (also email address) for their usernames.  We avoid this issue by stripping off the domain portion on login policies so that either format is easily accepted. 

 

However, in mactrac it still treats the two different formats as two different users.  Log in as abcdef@domain.com and register a device, but then later log in as abcdef to modify or remove said device and it will not appear in the list.

 

Is there a good way to fix this?  Maybe a way to normalize the username stored in the "sponsor_name" field in ClearPass Guest?   It seems simple to me but I can't figure it out a the moment.

 

Thanks! - Daniel


Accepted Solutions
Highlighted
Moderator

Re: Username confusion with mactrac

This is not possible. It is recommended that you force users to login with their fully qualified username by rejecting any authentications that do not contain "@".


You could also configure your IdP to always return the fully qualified username as the subject name. Local web UI logins to CPPM are never recommended.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: Username confusion with mactrac

This is not possible. It is recommended that you force users to login with their fully qualified username by rejecting any authentications that do not contain "@".


You could also configure your IdP to always return the fully qualified username as the subject name. Local web UI logins to CPPM are never recommended.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Contributor I

Re: Username confusion with mactrac

Thanks, Tim.  I usually strip off whatever comes after the @ to allow users to login successfully whether they use their full UPN or not, but in this case I have added a requirement to have the @ in the username for login and it seems to work.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: