Security

Hello,
I am in the process of setting up a new Clearpass deployment, and am trying to get the auto SFTP backup working.

I can see in the logs that the auto-backup file is being generated:
I have tested out the user/pw with my SFTP server, and am able to make directories and upload files, so I don't think its a permissions issue. 

I'm pretty sure I have the Clearpass settings right. For the remote directory, I have tried with a "/" at the front and without.

Any suggestions? Thanks,

Chris

Hi,

Do you have check the SFTP log ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281
------------------------------

Original Message:
Sent: Feb 03, 2021 11:53 AM
From: Christopher Jones
Subject: Clearpass - SFTP Backup Failing

Hello,
I am in the process of setting up a new Clearpass deployment, and am trying to get the auto SFTP backup working.

I can see in the logs that the auto-backup file is being generated:

However, the SFTP copy to my external server does not work, reporting this non-descript error "No such file":

I have tested out the user/pw with my SFTP server, and am able to make directories and upload files, so I don't think its a permissions issue. 

I'm pretty sure I have the Clearpass settings right. For the remote directory, I have tried with a "/" at the front and without.

Any suggestions? Thanks,

Chris

It took me some fiddling when we first set things up. My backup server is an Ubuntu linux box running sftp-server - fairly simple. I created a user on the server for SFPT transfers: "clearpass"

Here's my backup configuration panel from CPPM:


------------------------------
--Matthew

If I have in some way helped, please click the KUDOS button
------------------------------

Original Message:
Sent: Feb 03, 2021 11:53 AM
From: Christopher Jones
Subject: Clearpass - SFTP Backup Failing

Hello,
I am in the process of setting up a new Clearpass deployment, and am trying to get the auto SFTP backup working.

I can see in the logs that the auto-backup file is being generated:

However, the SFTP copy to my external server does not work, reporting this non-descript error "No such file":

I have tested out the user/pw with my SFTP server, and am able to make directories and upload files, so I don't think its a permissions issue. 

I'm pretty sure I have the Clearpass settings right. For the remote directory, I have tried with a "/" at the front and without.

Any suggestions? Thanks,

Chris

Thanks msabin and alagoutte for your replies.

We figured out the issue here. The Clearpass servers are supposed to make a new directory inside of whatever remote directory you specify to store the backups in. This new directory is named as the IP address of the server. 

For unknown reasons, Clearpass was unable to make a new directory in the target remote directory. We checked user permissions and were able to use that user to make a new directory inside of the folder, so not sure why Clearpass was failing. 

However, the workaround was simple enough. We created a directory named as the IP address of the server, and voila, the backups work each night.

The remote directory configured on Clearpass in my case is "/aruba-backups/Backups/"
Inside there I created a directory named with the server IP "x.x.x.x"
Now the backups just show up in "/aruba-backups/Backups/x.x.x.x/" each night.

Hopefully this info will help anyone else who encounters this issue.

Original Message:
Sent: Feb 04, 2021 07:19 PM
From: Matthew Sabin
Subject: Clearpass - SFTP Backup Failing

It took me some fiddling when we first set things up. My backup server is an Ubuntu linux box running sftp-server - fairly simple. I created a user on the server for SFPT transfers: "clearpass"

Here's my backup configuration panel from CPPM:

The SFTP server starts the root at /home on my linux box, so clearpass needs to put files in /clearpass
CPPM creates a folder named after its IP address and places the backups inside.

I figured this out by logging in to the SFTP server from my own command line to see where I would up and worked out the "Remote Directory" from there.
Hope this helps.

------------------------------
--Matthew

If I have in some way helped, please click the KUDOS button

Original Message:
Sent: Feb 03, 2021 11:53 AM
From: Christopher Jones
Subject: Clearpass - SFTP Backup Failing

Hello,
I am in the process of setting up a new Clearpass deployment, and am trying to get the auto SFTP backup working.

I can see in the logs that the auto-backup file is being generated:

However, the SFTP copy to my external server does not work, reporting this non-descript error "No such file":

I have tested out the user/pw with my SFTP server, and am able to make directories and upload files, so I don't think its a permissions issue. 

I'm pretty sure I have the Clearpass settings right. For the remote directory, I have tried with a "/" at the front and without.

Any suggestions? Thanks,

Chris

Thanks for feedback with the solution !

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281
------------------------------

Original Message:
Sent: Feb 18, 2021 01:14 PM
From: Christopher Jones
Subject: Clearpass - SFTP Backup Failing

Thanks msabin and alagoutte for your replies.

We figured out the issue here. The Clearpass servers are supposed to make a new directory inside of whatever remote directory you specify to store the backups in. This new directory is named as the IP address of the server. 

For unknown reasons, Clearpass was unable to make a new directory in the target remote directory. We checked user permissions and were able to use that user to make a new directory inside of the folder, so not sure why Clearpass was failing. 

However, the workaround was simple enough. We created a directory named as the IP address of the server, and voila, the backups work each night.

The remote directory configured on Clearpass in my case is "/aruba-backups/Backups/"
Inside there I created a directory named with the server IP "x.x.x.x"
Now the backups just show up in "/aruba-backups/Backups/x.x.x.x/" each night.

Hopefully this info will help anyone else who encounters this issue.

Original Message:
Sent: Feb 04, 2021 07:19 PM
From: Matthew Sabin
Subject: Clearpass - SFTP Backup Failing

It took me some fiddling when we first set things up. My backup server is an Ubuntu linux box running sftp-server - fairly simple. I created a user on the server for SFPT transfers: "clearpass"

Here's my backup configuration panel from CPPM:

The SFTP server starts the root at /home on my linux box, so clearpass needs to put files in /clearpass
CPPM creates a folder named after its IP address and places the backups inside.

I figured this out by logging in to the SFTP server from my own command line to see where I would up and worked out the "Remote Directory" from there.
Hope this helps.

------------------------------
--Matthew

If I have in some way helped, please click the KUDOS button

Original Message:
Sent: Feb 03, 2021 11:53 AM
From: Christopher Jones
Subject: Clearpass - SFTP Backup Failing

Hello,
I am in the process of setting up a new Clearpass deployment, and am trying to get the auto SFTP backup working.

I can see in the logs that the auto-backup file is being generated:

However, the SFTP copy to my external server does not work, reporting this non-descript error "No such file":

I have tested out the user/pw with my SFTP server, and am able to make directories and upload files, so I don't think its a permissions issue. 

I'm pretty sure I have the Clearpass settings right. For the remote directory, I have tried with a "/" at the front and without.

Any suggestions? Thanks,

Chris

I'm sorry I didn't mention the part where each clearpass server makes its own folder.
I think I too had to log in as clearpass myself and make the folders as well - was just too long ago to remember.

------------------------------
--Matthew

If I have in some way helped, please click the KUDOS button
------------------------------

Original Message:
Sent: Feb 18, 2021 01:14 PM
From: Christopher Jones
Subject: Clearpass - SFTP Backup Failing

Thanks msabin and alagoutte for your replies.

We figured out the issue here. The Clearpass servers are supposed to make a new directory inside of whatever remote directory you specify to store the backups in. This new directory is named as the IP address of the server. 

For unknown reasons, Clearpass was unable to make a new directory in the target remote directory. We checked user permissions and were able to use that user to make a new directory inside of the folder, so not sure why Clearpass was failing. 

However, the workaround was simple enough. We created a directory named as the IP address of the server, and voila, the backups work each night.

The remote directory configured on Clearpass in my case is "/aruba-backups/Backups/"
Inside there I created a directory named with the server IP "x.x.x.x"
Now the backups just show up in "/aruba-backups/Backups/x.x.x.x/" each night.

Hopefully this info will help anyone else who encounters this issue.

Original Message:
Sent: Feb 04, 2021 07:19 PM
From: Matthew Sabin
Subject: Clearpass - SFTP Backup Failing

It took me some fiddling when we first set things up. My backup server is an Ubuntu linux box running sftp-server - fairly simple. I created a user on the server for SFPT transfers: "clearpass"

Here's my backup configuration panel from CPPM:

The SFTP server starts the root at /home on my linux box, so clearpass needs to put files in /clearpass
CPPM creates a folder named after its IP address and places the backups inside.

I figured this out by logging in to the SFTP server from my own command line to see where I would up and worked out the "Remote Directory" from there.
Hope this helps.

------------------------------
--Matthew

If I have in some way helped, please click the KUDOS button

Original Message:
Sent: Feb 03, 2021 11:53 AM
From: Christopher Jones
Subject: Clearpass - SFTP Backup Failing

Hello,
I am in the process of setting up a new Clearpass deployment, and am trying to get the auto SFTP backup working.

I can see in the logs that the auto-backup file is being generated:

However, the SFTP copy to my external server does not work, reporting this non-descript error "No such file":

I have tested out the user/pw with my SFTP server, and am able to make directories and upload files, so I don't think its a permissions issue. 

I'm pretty sure I have the Clearpass settings right. For the remote directory, I have tried with a "/" at the front and without.

Any suggestions? Thanks,

Chris