EAPTLS Certificate information in Access Tracker?

  • 1.  EAPTLS Certificate information in Access Tracker?

    Posted Dec 06, 2018 02:52 PM

    We are using EAP/TLS on our network back-ended by ClearPass.

    One of our ClearPass rules compares (Certificate:Subject-CN EQUALS %{Radius:IETF:User-Name}). When this breaks - we know we have a problem...

    However, it would be *really* nice to have Certificate:Subject-CN in the Computed Attributes of an Access Tracker request detail.

    Is there any way to make this happen?



  • 2.  RE: EAPTLS Certificate information in Access Tracker?

    Posted Dec 06, 2018 02:55 PM

    I'm not following the question. Both the CN and DN are already present.

    Screen Shot 2018-12-06 at 2.54.56 PM.png



  • 3.  RE: EAPTLS Certificate information in Access Tracker?

    Posted Dec 06, 2018 03:06 PM

    Thank you @Tim for assistance off post.  The answer is:

    The client certificate isn’t sent to ClearPass until EAP-TLS is negotiated. In this case, the EAP method hasn’t been negotiated which usually means there is a client configuration issue.

    Authentication:OuterMethod    EAP

    Authentication:Status    Failed
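
Added example, not part of the original posts and not ClearPass code: a minimal EAP decoder (packet layout and type numbers from RFC 3748 and RFC 5216) run over a constructed exchange. It shows one way the situation in the answer above arises: the client declines EAP-TLS with a Nak, so no client certificate ever reaches the server. The function names and sample bytes are assumptions made for illustration.

```python
import struct

# EAP codes and method types from RFC 3748 / RFC 5216 (not ClearPass-specific).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}

def parse_eap(pkt: bytes) -> dict:
    """Decode one EAP packet: code(1) id(1) length(2) [type(1) data]."""
    if len(pkt) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length field")
    out = {"code": CODES.get(code, code), "id": ident, "type": None, "data": b""}
    if code in (1, 2) and length > 4:          # only Request/Response carry a type
        out["type"] = TYPES.get(pkt[4], pkt[4])
        out["data"] = pkt[5:length]
    return out

def tls_outcome(packets: list) -> str:
    """Say whether the peer ever accepted EAP-TLS, i.e. whether a client
    certificate could have reached the server at all."""
    offered = False
    for p in map(parse_eap, packets):
        if p["code"] == "Request" and p["type"] == "EAP-TLS":
            offered = True
        elif p["code"] == "Response" and p["type"] == "EAP-TLS":
            return "negotiated"                 # TLS handshake has started
        elif p["code"] == "Response" and p["type"] == "Nak" and offered:
            wanted = [TYPES.get(b, b) for b in p["data"]]
            return f"rejected by client, wants {wanted}"
    return "never negotiated"

# Constructed sample exchange (hex), not captured from a real network.
SAMPLE = [bytes.fromhex(h) for h in (
    "0101000501",              # Request/Identity
    "0201000a01616c696365",    # Response/Identity "alice"
    "010200060d20",            # Request/EAP-TLS, Start flag set
    "020200060319",            # Response/Nak, desired type 25 (PEAP)
    "04020004",                # Failure
)]

if __name__ == "__main__":
    print(tls_outcome(SAMPLE))
```
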