Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Display hostname on access tracker using TEAP authentication and DUR

  • 1.  Display hostname on access tracker using TEAP authentication and DUR

    Posted 2 days ago

    Team,

    Looking for some help here,

    I am able to successfully display hostname by adding a "Radius:IETF User-Name  = %{Authentication:TEAP-Method-2-Username}" command to the standard ClearPass enforcement profile; however, I am unable to see where I can introduce this command to the DUR enforcement profile. Is this possible?



    ------------------------------
    Con
    Stathis
    ------------------------------


  • 2.  RE: Display hostname on access tracker using TEAP authentication and DUR

    EMPLOYEE
    Posted 2 days ago

    You would not introduce this to your DUR enforcement profile. In your enforcement policy just apply two different profiles, one for the IETF User-Name, and one for the Role (or Downloadable User Role/DUR).



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Display hostname on access tracker using TEAP authentication and DUR

    Posted 2 days ago

    Thanks Herman, I applied the second profile and the switch is now showing user name as expected. I am not able to see the hostname in access tracker after a successful TEAP method 1 auth. Any ideas? I've spent some time on this and now am stuck.



    ------------------------------
    Con
    Stathis
    ------------------------------



  • 4.  RE: Display hostname on access tracker using TEAP authentication and DUR

    EMPLOYEE
    Posted 2 days ago

    Why does the RADIUS response section show that you are returning Radius:IETF:User-Name twice?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Display hostname on access tracker using TEAP authentication and DUR

    Posted 12 hours ago

    I assume you have two different enforcement profiles for user+machine auth and just machine auth?

    If so, you need to update your enforcement for the machine auth to send the computer name as the Radius:IETF:User-Name and the user+machine auth to send the user-name as the teap method-2.

    In your picture you are sending Radius:IETF:User-Name twice. You have an enforcement profile applied that is trying to send Radius:IETF:User-Name =""

    This is causing you an issue because you cannot send the same RADIUS attribute with two different values - even if that value is NULL.

    I had to work around this same thing - I wish ClearPass had the ability to understand if you had multiple radius values that are NULL and send the one that actually had a value.

    I had to create some SQL logic so that I don't have 8 different Return-User-Name enforcement profiles for different reasons.
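
The duplicate User-Name condition discussed in this thread can be checked on a captured Access-Accept. The following is an added example, not part of any post above and not ClearPass code: it parses the RADIUS attribute list and flags attributes that RFC 2865 allows at most once when they are repeated or empty. The packets, hostname, user name and role value are constructed sample data, and the function names are hypothetical.

```python
import struct
from collections import defaultdict

# Attributes that RFC 2865 (section 5.44) allows at most once in an Access-Accept.
SINGLE_INSTANCE = {1: "User-Name", 24: "State", 27: "Session-Timeout"}

def build_packet(code, ident, attrs):
    """Helper for the constructed samples: header, zeroed authenticator, TLVs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def parse_attributes(packet):
    """Return (code, [(type, value)]), validating header and attribute lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def audit_access_accept(packet):
    """List findings for repeated or empty single-instance attributes."""
    code, attrs = parse_attributes(packet)
    if code != 2:  # 2 = Access-Accept
        return []
    seen = defaultdict(list)
    for atype, value in attrs:
        seen[atype].append(value)
    findings = []
    for atype, name in SINGLE_INSTANCE.items():
        values = seen.get(atype, [])
        if len(values) > 1:
            findings.append(f"{name} sent {len(values)} times: {values}")
        if b"" in values:
            findings.append(f"{name} has an empty value")
    return findings

# Constructed samples; Filter-Id (11) stands in for whatever role attribute is returned.
BAD = build_packet(2, 7, [(1, b"host/LAPTOP-01.example.com"), (1, b""), (11, b"employee")])
GOOD = build_packet(2, 8, [(1, b"jdoe"), (11, b"employee")])
print(audit_access_accept(BAD), audit_access_accept(GOOD))
```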