Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Intune extension

  • 1.  Clearpass Intune extension

    Posted Mar 11, 2024 11:17 AM

    While using the Intune extension along with EAP-TLS RADIUS Wi-Fi, I'm constantly getting this message in the logs of the Intune extension. Based on my policy the device can connect. The device ID is in the CN, but it appears that when it's providing the ID it's starting it with id and showing no device found.



  • 2.  RE: Clearpass Intune extension

    EMPLOYEE
    Posted Mar 11, 2024 11:25 AM

    Assuming that you use the HTTP authentication source, it seems that the Filter Query in that is set to something different than what contains the Intune Device ID:

    id/ may be another field in your certificate, or the Username sent by the client. You can have a look at the Computed Attributes in Access Tracker to find the proper field:

    In my case it's the Certificate:Subject-CN, but for testing I added it also as a DNS Subject alternative name. Most important is that your filter contains just the Intune ID of the client.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Clearpass Intune extension

    Posted Mar 12, 2024 11:20 AM
    This is the input from Access Tracker from the machine. The only field that semi-resembles that from the logs is the URI; however, as you can see below, I am using Certificate:Subject-CN.
    Additionally I have removed all other mappings.



  • 4.  RE: Clearpass Intune extension

    Posted Mar 12, 2024 11:24 AM

    Disregard the attached photo that was mistakenly added vs the inline photos.




  • 5.  RE: Clearpass Intune extension

    EMPLOYEE
    Posted Mar 13, 2024 09:36 AM

    That error message suggests that you added Intune as Authentication Source, not Authorization source.

    With the limited information, it may be best to work with your Aruba partner or Aruba support, as there can be many things preventing this from working, which makes guessing the right thing hard in a forum page.






  • 6.  RE: Clearpass Intune extension
    Best Answer

    Posted Mar 13, 2024 12:57 PM

    Hey Herman. I mentioned in my last reply to ignore that last screenshot as it was sent by mistake.

    I resolved the issue. It was because I was missing a "/" at the end of the base URL for the authentication source, so it was adding id into the ID of the returned device.

    Thanks!