In the following post I will explain how to create an e-mail message from the ClearPass system for successful authentication (Authentication notification) or for failed authentication (Authentication alert).
First, let's create our actions for sending emails, using the ClearPass API and JSON. Go to Administration » Dictionaries » Context Server Actions and click Add:
For the Authentication Notification message:
And here is the content of the JSON:
{
  "to": ["jhon@dow.com"],
  "subject": "Successful Authentication Connection",
  "message": "The following user has been authenticated at: \n%{Date:Date-Time} \nMAC Address: %{Connection:Client-Mac-Address-Colon} \nUser Name: %{Radius:IETF:User-Name} \nNAS-Identifier: %{Radius:IETF:NAS-Identifier} \nNAS-IP Address: %{Connection:NAD-IP-Address}, \nPort: %{Radius:IETF:NAS-Port-Id}, \nDevice Type: %{Authorization:[Endpoints Repository]:Device Name}"
}
Replace the To email address with the relevant address. Also note that you can add any information from the RADIUS request to this message.
When done, click Save.
For the Authentication Alert message:
The next thing is to make sure that your ClearPass system is configured with messaging services. Go to Administration » External Servers » Messaging Setup and fill in the required information:
Note that in my lab I'm using Gmail for mail delivery (how to configure Gmail is out of scope for this post).
Now go to Configuration » Enforcement » Profiles and click Add:
Configure a new enforcement profile using the HTTP Based Enforcement template, name it, and enter a description:
For Target Server select localhost, and as the action select the relevant endpoint context server action that you created earlier:
Click Save.
Now use this enforcement profile in any service or enforcement policy you like in order to send an email notification about an event.
For example, for my secure wireless connection, where I'm using EAP-TLS/EAP-PEAP, I have added the following notifications:
Where the authentication status matches user or machine, I'm sending the authentication notification, and where the authentication status is none, failed, or the authentication source is unavailable, I'm sending the failed authentication notification.
Email example:
The following user has been authenticated at:
2019-02-13 19:22:25
MAC Address: 00:35:44:31:74:2a
User Name: talm
NAS-Identifier: MLAB ArubaMC-VA-01
NAS-IP Address: 10.100.110.201,
Port: %{Radius:IETF:NAS-Port-Id},
Device Type: xiaomi NE-520G
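The email above still carries the Port variable unexpanded. The following Python sketch is an added example, not part of the original post and not ClearPass code: it checks that the action body is valid JSON with the three keys used above, expands `%{...}` variables from a constructed attribute dictionary, and lists every variable that would reach the mailbox as literal text. The name `render`, the attribute dictionary, and the choice to leave unknown variables untouched are assumptions made for illustration.

```python
import json
import re

# Action body from the post, with the message on one line so it is valid JSON.
ACTION_BODY = (
    r'{"to": ["jhon@dow.com"], "subject": "Successful Authentication Connection", '
    r'"message": "The following user has been authenticated at: \n%{Date:Date-Time} '
    r'\nMAC Address: %{Connection:Client-Mac-Address-Colon} '
    r'\nUser Name: %{Radius:IETF:User-Name} '
    r'\nNAS-Identifier: %{Radius:IETF:NAS-Identifier} '
    r'\nNAS-IP Address: %{Connection:NAD-IP-Address}, '
    r'\nPort: %{Radius:IETF:NAS-Port-Id}, '
    r'\nDevice Type: %{Authorization:[Endpoints Repository]:Device Name}"}'
)

# Constructed sample: values copied from the email example; NAS-Port-Id is absent.
SAMPLE_ATTRS = {
    "Date:Date-Time": "2019-02-13 19:22:25",
    "Connection:Client-Mac-Address-Colon": "00:35:44:31:74:2a",
    "Radius:IETF:User-Name": "talm",
    "Radius:IETF:NAS-Identifier": "MLAB ArubaMC-VA-01",
    "Connection:NAD-IP-Address": "10.100.110.201",
    "Authorization:[Endpoints Repository]:Device Name": "xiaomi NE-520G",
}

VARIABLE = re.compile(r"%\{([^}]+)\}")


def render(body_text, attrs):
    """Parse the action body, expand %{...} variables, return (body, unresolved)."""
    body = json.loads(body_text)  # ValueError on a raw line break inside a string
    if not isinstance(body.get("to"), list) or not body["to"]:
        raise ValueError('"to" must be a non-empty list of addresses')
    for key in ("subject", "message"):
        if not isinstance(body.get(key), str):
            raise ValueError(f'"{key}" must be a string')
    unresolved = []

    def expand(match):
        name = match.group(1)
        if name in attrs:
            return str(attrs[name])
        unresolved.append(name)
        return match.group(0)  # assumption: left as literal text, as in the email

    body["message"] = VARIABLE.sub(expand, body["message"])
    return body, unresolved


if __name__ == "__main__":
    rendered, missing = render(ACTION_BODY, SAMPLE_ATTRS)
    print(rendered["message"])
    print("Unresolved variables:", missing)
```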
There are plenty of e-mail messages you can configure for different scenarios using this method.
Great thanks to Derin Mellor, from Aruba Networks, for the right guidance on this one.