Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

clearpass regular expressions

This thread has been viewed 1 times

  • 1.  clearpass regular expressions

    Posted Mar 06, 2015 07:27 AM

    Hi,

    I've got a clearpass service that is used to authenticate our eduroam users against our AD service.

     

    Amongst other things service selection is done by checking that radius:ietf:User-Name contains @york.ac.uk which is our standard eduroam realm.

     

    AD authentication is set up to strip off the @york.ac.uk suffic and also , if present to remove our AD domain prefix (ITSYORK)

     

    I thought that I could use match_regex specifying

     

    @york\.ac\.uk$|^ITSYORK

     

    to select the service based upon the User-Name  is but the above doesn't work. What should I be specifying?

     

    Rgds

    Alex

     



  • 2.  RE: clearpass regular expressions

    EMPLOYEE
    Posted Mar 06, 2015 02:27 PM

    I usually just do

     

    Authentication:Full Username             ENDS_WITH       @york.ac.uk

     

    You don't want to allow DOMAIN\ on eduroam. It is not valid and users will not be able to connect at other universities.

     

    Take a look here at how you can work around this:

     

    http://community.arubanetworks.com/t5/Mobility-Hero-Tutorials/AD-Machine-Auth-Eduroam-ClearPass-Jan-2014/