Security

Reply
Valued Contributor I

clearpass regular expressions

Hi,

I've got a clearpass service that is used to authenticate our eduroam users against our AD service.

 

Amongst other things service selection is done by checking that radius:ietf:User-Name contains @york.ac.uk which is our standard eduroam realm.

 

AD authentication is set up to strip off the @york.ac.uk suffic and also , if present to remove our AD domain prefix (ITSYORK)

 

I thought that I could use match_regex specifying

 

@york\.ac\.uk$|^ITSYORK

 

to select the service based upon the User-Name  is but the above doesn't work. What should I be specifying?

 

Rgds

Alex

 

Guru Elite

Re: clearpass regular expressions

I usually just do

 

Authentication:Full Username             ENDS_WITH       @york.ac.uk

 

You don't want to allow DOMAIN\ on eduroam. It is not valid and users will not be able to connect at other universities.

 

Take a look here at how you can work around this:

 

http://community.arubanetworks.com/t5/Mobility-Hero-Tutorials/AD-Machine-Auth-Eduroam-ClearPass-Jan-2014/

 


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: