Security

 View Only

  • 1.  Jamf Integration with Clearpass evaluation license

    Posted Oct 12, 2020 07:00 PM

    We are in the middle of purchasing Clearpass for our environment and I was getting a head start looking on the setting it up by using our POC environment using the evaluation license. I was trying to test the integration of JAMF extension so that I can sync the device database but I seem to not be able to create the necessary extension and an error message in the logs:


     [2020-10-12T18:52:28.736] [INFO] JAMF - SSL Verification Enabled. (Config: "verifySSLCerts": true)
    [2020-10-12T18:52:28.736] [WARN] JAMF - You must configure a skyhook tenant and access token to use Webhooks. No webhooks will be processed.
    [2020-10-12T18:52:28.737] [INFO] JAMF - Initalizing JAMF extension...
    [2020-10-12T18:52:28.737] [INFO] JAMF - Checking to see if the script "cppm-all-mac-addresses" exists...
    [2020-10-12T18:52:28.740] [INFO] JAMF - Stats tracking is disabled. A placeholder webservice will be started...
    [2020-10-12T18:52:28.742] [INFO] JAMF - Starting stats web service...
    [2020-10-12T18:52:28.746] [INFO] JAMF - Stats web server listening on port 8080.
    [2020-10-12T18:52:28.902] [ERROR] JAMF - Script lookup failed. Request failed with status code 401
    [2020-10-12T18:52:28.902] [ERROR] JAMF - "<html>
    <head>
    \t<title>Status page</title>
    </head>
    <body style=\"font-family: sans-serif;\">
    <p style=\"font-size: 1.2em;font-weight: bold;margin: 1em 0px;\">Unauthorized</p>
    <p>The request requires user authentication</p>
    <p>You can get technical details <a href=\"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2\">here</a>.<br>
    \tPlease     continue your visit at our <a href=\"/\">home page</a>.
    </p>
    </body>
    </html>"
    [2020-10-12T18:52:28.932] [INFO] JAMF - Next endpoint sync is scheduled at Mon Oct 12 2020 19:00:00 GMT-0400.
    [2020-10-12T18:52:28.941] [INFO] JAMF - Server version information load complete (Version: 6.8.4.120034).

     

    Is it even possible to be able to configure and use these integration using a clearpass evaluation license?



  • 2.  RE: Jamf Integration with Clearpass evaluation license

    Posted Oct 12, 2020 10:04 PM

    Hi,

     

    Looking through the log snippet attached above, its looks like we're seeing HTML data, do you use a proxy or do you have a proxy configured?

     

    Can you please post the entire extension config?

     

    Please confirm the version of the extension in use?

     

    If your sensitive to than you can send it direct to me jump@hpe.com



  • 3.  RE: Jamf Integration with Clearpass evaluation license

    Posted Oct 13, 2020 01:24 PM

    Thanks for the reply. I am wondering if I need to do more on my JAMF side. We are using JAMF cloud version but when I check the JAMF logs I never see an indication that my clearpass server is even making an attempt to connect. I also do not see the extension that should have been created in JAMF. I do not think I am running any proxy server and I am running extension version 3.0.0.

     

    {

        "logLevel": "INFO",

        "verifySSLCerts": true,

        "jamfHost": "aboutinc.jamfcloud.com",

        "jamfUserName": "cppm-jamf",

        "jamfPassword": "********",

        "endpointSyncSchedule": "*/30 * * * *",

        "endpointSyncOnStart": false,

        "additionalAttributeMapping": [],

        "macExtensionAttributeName": "cppm-all-mac-addresses",

        "createMacExtensionAttribute": true,

        "skyhookTenant": "",

        "dbAccessToken": "********",

        "smartGroupTriggerDisconnect": [

            "OutOfCompliance"

        ],

        "cppmUserName": "cppm-jamf",

        "cppmPassword": "********",

        "enableStats": false,

        "bypassProxy": false

    }



  • 4.  RE: Jamf Integration with Clearpass evaluation license

    Posted Oct 13, 2020 08:12 PM

    Yikes, bit of a mess here from ourside as I suspected.... your running JAMF v3 which should not be searchable in the App Store, the latest public verision is v2.1, thats totally on us and we're normally pretty cool in our release schedule.

     

    Back to your point re messages and my point, the logs seams to indicate we;re seeing a response from a proxy-server, if you want to jump on a call to go through this, I can jump on a zoom-call to see if we can resolve this quickly without raising a TAC case.....

     

    I'm in PST timezone.



  • 5.  RE: Jamf Integration with Clearpass evaluation license

    Posted Oct 13, 2020 09:01 PM
    Sure I can do it right now. I did a collect longs on the server and found the extension logs:

    [2020-10-13T15:30:00.105] [INFO] JAMF - Starting the sync all process...
    [2020-10-13T15:30:00.107] [INFO] JAMF - Next endpoint sync is scheduled at Tue Oct 13 2020 16:00:00 GMT-0400.
    [2020-10-13T15:30:00.218] [ERROR] JAMF - Sync all encountered an error. Request failed with status code 401
    [2020-10-13T15:30:00.218] [ERROR] JAMF - Error: Request failed with status code 401
    at createError (/src/node_modules/axios/lib/core/createError.js:16:15)
    at settle (/src/node_modules/axios/lib/core/settle.js:17:12)
    at IncomingMessage.handleStreamEnd (/src/node_modules/axios/lib/adapters/http.js:236:11)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:139:11)
    at process._tickCallback (internal/process/next_tick.js:181:9)

    Ajamu Abraham
    Senior Network Engineer
    Dotdash.com
    1500 Broadway
    5th Floor
    New York, NY 10036
    Direct: 212.204.1525
    Cell #: 646.257.0453
    "l'argent comptant règne tout autour de moi"


Related Content