- Community Home
- >
- Networking
- >
- IMC
- >
- Re: IMC Operator does not authenticate against Cle...
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-04-2020 10:20 AM
08-04-2020 10:20 AM
IMC Operator does not authenticate against ClearPass TACACS server
Hello,
I'm trying to setup IMC so that operators authenticate against a TACACS server (in my case it is aruba Clear Pass). I have been successful to anthenticate a number of heterogenous networking devices, that it looks IMC does not like it.
I have setup the "System->Operator-Authentication server:TACAS+" as per the online help, but nothing happens.
I cannot even see an authentication attempt in the clear pass server (obviously I verified that NAS IP and SECRET key are matching
Has someone any experience in this kind of setting?
Thanks in advance for sharing:
Ray
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-06-2020 05:05 AM
08-06-2020 05:05 AM
Re: IMC Operator does not authenticate against ClearPass TACACS server
Hi,
As per the IMC Administration guide, it says "You can configure authentication services through RADIUS or LDAP using the Authentication Server feature found under Operator Management' and does not talk about TACACS. May be you can try with RADIUS.
I am an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-06-2020 07:21 AM
08-06-2020 07:21 AM
Re: IMC Operator does not authenticate against ClearPass TACACS server
Hello,
The Administration guide does not talk about TACAS, but On-line Help does.
I have tried to configure it using RADIUS, and that works fine.
However we tries to consolidate all IT Access Services using TACAS as iti is commonly used by most networking devices and apps., and also to streamile the Clearpass policies.
We are currently not running the latrst IMC version, so I'll install the lastest patch and give another try.
If it works I'll keep you posted.
Thanks
Ray
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-19-2020 02:57 AM
08-19-2020 02:57 AM
Re: IMC Operator does not authenticate against ClearPass TACACS server
Hi Ray,
Were you able to upgrade the IMC and test
I am an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-07-2020 02:51 AM
09-07-2020 02:51 AM
Re: IMC Operator does not authenticate against ClearPass TACACS server
Hello,
I have upgraded to the latest patch release (P06) with the same result.
The TACACS configuration fields are still in the "Authentication server" tab, but seems not to be taken in effect, and the ON-Line help still mentions the TACACS configuration possibilty.
Nevertheless the configuration template still lacks the "priviledge-level" mapping used by the TACACS protocol to assign an operator's role.
This is realyy annoying because I do not know if that piece of code has been left over my mistake, or reserved for future use, or should work as such ...
It would be very useful, if HPE could talk to the product marketing to find out if there is a pending enhancement request, if/when it is likely to come, or what is going on.
Thanks
Ray
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-08-2020 07:35 AM
09-08-2020 07:35 AM
Re: IMC Operator does not authenticate against ClearPass TACACS server
Hello,
The TACACS auth feature for operators should work, have you tried authenticating to TACACS without returning any specific attributes? Keep in mind, the feature does require you to manually create each TACACS user as an operator in IMC that you'd like to allow to login via TACACS.
The "privilege level" that the user gets will thus be determined by you, when you manually create the operator in IMC - with "Authentication Type" set to TACACS and "Operator Group" used to determine what the operator is able to do. The TACACS server will simply handle the verification of credentials here, giving the ACCEPT/REJECT to allow iMC to determine whether the operator is allowed to login in the first place.
Personally I'd suggest using the much more popular LDAP method to an Active Directory server, as this option requires no manual work to create operators. It has the benefit of being able to automatically add a new operator to iMC when that user first logs in - if their AD attributes match what you have defined in the Advanced Settings > Synchronize LDAP Operator. For example, you could allow all members of the "Domain Admins" security group to log into iMC. If the AD Domain Admin didn't already exist as an operator in iMC, it would automatically be created and assigned to iMC's built-in "Administrator" group (or any other - it's really up to how you configure it).
Justin
Working @ HPE

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-08-2020 10:13 AM
09-08-2020 10:13 AM
Re: IMC Operator does not authenticate against ClearPass TACACS server
Hello,
I'm have made some further testing.
As I have currently configure the RADIUS authentication server, IMC is always using RADIUS, and I could not find any way to prioritize TACACS over RADIUS (I cannot delete the configuration, I have tried to put an invalid address, 0.0.0.0, blank, etc), IMC never falls back on TACACS. So it might work but I cannot test it.
Concerning the use of AD, I want to use ClearPass as a single point of authentications for the whole network, and I'm trying to consoldate all devices and network apps accesses using TACACS, in order to streamline the CPPM polices and services as much as possible.
Thanks
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP