Security

 View Only
last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Downloadable User Role Mobility Controller Captive Portal

This thread has been viewed 8 times

  • 1.  Clearpass Downloadable User Role Mobility Controller Captive Portal

    Posted Jun 16, 2022 06:39 AM
    Hi all,

    can anyone provide me with a working example for a downloadable user role for a mobility controller please ? Specifically the captive portal config in the DUR? Even when I create the DUR in standard mode, the controller is rejecting the command syntax see below. The DUR is working fine without the CP config. Clearpass 6.10.5  Controller 8.7.1.4

    aaa authentication captive-portal PostureCheck
        server-group ProQR-CPPM
        default-role logon
        default-guest-role logon
        no user-logon
        guest-logon
        no logout-popup-window
        login-page https://captive-portal.proqr.com/guest/proqr-posture.php
        no enable-welcome-page
    !
    Jun 16 12:19:15 :199802: <3612> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1938: Dldb Role ProQR_DURW_Test-3039-2: Rejected line 'aaa authentication captive-portal PostureCheck', contains unsupported keyword
    Jun 16 12:19:15 :199802: <3612> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1938: Dldb Role ProQR_DURW_Test-3039-2: Rejected line '^Iserver-group ProQR-CPPM', contains unsupported keyword
    Jun 16 12:19:15 :199802: <3612> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1938: Dldb Role ProQR_DURW_Test-3039-2: Rejected line '^Idefault-role logon', contains unsupported keyword
    Jun 16 12:19:15 :199802: <3612> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1938: Dldb Role ProQR_DURW_Test-3039-2: Rejected line '^Idefault-guest-role logon', contains unsupported keyword
    Jun 16 12:19:15 :199802: <3612> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1938: Dldb Role ProQR_DURW_Test-3039-2: Rejected line '^Ino user-logon', contains unsupported keyword
    Jun 16 12:19:15 :199802: <3612> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1938: Dldb Role ProQR_DURW_Test-3039-2: Rejected line '^Iguest-logon ^Ino logout-popup-window ^Ilogin-page https://captive-portal.proqr.com/guest/proqr-posture.php ^Ino enable-welcome-page ! ip access-list session ProQR-Computer-Quar ^Iany any svcProQR_DHCP permit
    Jun 16 12:19:15 :199802: <3612> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1938: Dldb Role ProQR_DURW_Test-3039-2: Rejected line '^Ino logout-popup-window', contains unsupported keyword
    Jun 16 12:19:15 :199802: <3612> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1938: Dldb Role ProQR_DURW_Test-3039-2: Rejected line '^Ilogin-page https://captive-portal.proqr.com/guest/proqr-posture.php', contains unsupported keyword
    Jun 16 12:19:15 :199802: <3612> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1938: Dldb Role ProQR_DURW_Test-3039-2: Rejected line '^Ino enable-welcome-page', contains unsupported keyword
    Jun 16 12:19:15 :199802: <3612> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1966: Dldb Role ProQR_DURW_Test-3039-2: processing stopped due to whitelist violation
    Jun 16 12:19:15 :199802: <3612> <ERRS> |authmgr| auth_cppm_fsm.c, ac_afsm_exec_transform:433: Dldb Role ProQR_DURW_Test-3039-2: Transform failed
    Jun 16 12:19:15 :124830: <3612> <ERRS> |authmgr| Dldb Role ProQR_DURW_Test-3039-2: Users dequeued, role in incomplete state


    ------------------------------
    Erik Eckhardt
    ACMX #1245, ACDX #968, ACCP, ACSP,ACNSP
    ------------------------------