multiple users same machine privileges crossed

L1 Bithead

multiple users same machine privileges crossed

I currently have a customer using RADIUS authentication on the wireless and User-ID on the PA. The problem is when two different users use the same machine. A teacher logs in and gets a policy applied to the session going through the firewall; she logs out and a student logs in to the same machine, and that student has the same privileges through the PA as the teacher did. It seems like the PA is not releasing the session and applying the correct policy to the new user. Any ideas?
The setup is HA-3020s and Aruba wireless. RADIUS auth is against a Microsoft 2012 server.
Thanks!
bat
L5 Sessionator

Re: multiple users same machine privileges crossed

dthibodeaux

Do you see the (student) user name in the traffic logs when it hits the policy that you have created for the teacher?

If not, please verify whether the ip-user-mapping changes for that IP address after the teacher logs out and the student logs in.

You can check the ip-user-mapping for an IP using the following command:

show user ip-user-mapping ip <ip/netmask>

L6 Presenter

Re: multiple users same machine privileges crossed

Hi dthibodeaux,

Actually, this should not happen, because when a user logs out, it creates a security log on the AD server. The firewall reads it and removes the mapping. We should try to find out why it's not happening.

However, there are two solutions for this.

1. Reduce the timeout interval for the User-ID to IP mapping, which means older mappings will expire if there is no activity from them.

2. Or enable WMI probing: the User-ID agent queries all active users, and if they don't respond, it is removed.

Regards,

Hardik Shah

L1 Bithead

Re: multiple users same machine privileges crossed

OK, so some more info:

This is only happening on wireless users; wired works fine. We are not seeing a user/IP mapping for the wireless users; the source user is blank.

Is there some new feature in 6.0 to help with this?

bat
L5 Sessionator

Re: multiple users same machine privileges crossed

dthibodeaux

The source user field is blank because the username is not being pushed correctly. How are you pushing the usernames from the Aruba wireless? Are you using the XML API?

L1 Bithead

Re: multiple users same machine privileges crossed

I'm guessing I'm not...

bat
L6 Presenter

Re: multiple users same machine privileges crossed

You have to use the API or the new syslog feature, as mentioned.

L1 Bithead

Re: multiple users same machine privileges crossed

OK, so this customer does not have ClearPass, so I am assuming the XML API solution won't work. As far as the syslog solution, I am trying to set this up in my lab. I have an Aruba controller, a PA-200, and a 2008 server. Do I run the syslog server on the same server the User-ID agent is on, or do these need to be separate boxes? I am running Kiwi Syslog Server on the same 2008 server as the UID agent... I think I said that already.

The document keeps referring to a "syslog sender" and I am not sure whether that is the controller, the PA, or the 2008 server.

Thanks

David

bat
L5 Sessionator

Re: multiple users same machine privileges crossed

dthibodeaux

The syslog sender should be the Aruba controller, which should be sending login/logout events to the PA-200. On the PA-200 you should have a syslog parse profile to parse these logs and extract the user-to-IP information.
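
As an added illustration (not from this thread or from Palo Alto Networks), the script below replays controller login/logout events into an ip-to-user table the way the syslog parse profile and the firewall's ip-user-mapping do, so the crossed-privileges symptom can be reproduced: with no logout or fresh login seen for the wireless address, the teacher's mapping stays attached to it until the timeout expires, which is why a shorter timeout (or a parsed logout) fixes it. The log format, the names teacher1/student7 and the address 10.20.30.40 are constructed for the example; a real Aruba controller emits a different format and needs regexes written against it.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "key=value" style (not the real Aruba format).
SAMPLE_LOGS = [
    "2014-03-10 08:00:01 authmgr: User Authentication Successful username=teacher1 ip=10.20.30.40",
    "2014-03-10 08:45:10 authmgr: User Logout username=teacher1 ip=10.20.30.40",
    "2014-03-10 08:46:00 authmgr: User Authentication Successful username=student7 ip=10.20.30.40",
]

# Counterparts of a syslog parse profile: an event regex selects the line, then username/address regexes extract fields.
LOGIN_EVENT = re.compile(r"User Authentication Successful")
LOGOUT_EVENT = re.compile(r"User Logout")
USERNAME_RE = re.compile(r"username=(\S+)")
ADDRESS_RE = re.compile(r"ip=(\d{1,3}(?:\.\d{1,3}){3})")
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

def parse_line(line):
    """Return (timestamp, event, user, ip), or None if the line is not a login/logout event."""
    ts_m, user_m, ip_m = TS_RE.search(line), USERNAME_RE.search(line), ADDRESS_RE.search(line)
    if not (ts_m and user_m and ip_m):
        return None
    if LOGIN_EVENT.search(line):
        event = "login"
    elif LOGOUT_EVENT.search(line):
        event = "logout"
    else:
        return None
    return datetime.strptime(ts_m.group(1), "%Y-%m-%d %H:%M:%S"), event, user_m.group(1), ip_m.group(1)

def build_mapping(lines, honor_logout=True):
    """Replay events into an ip -> (user, last_seen) table, like the firewall's ip-user-mapping."""
    mapping = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, event, user, ip = parsed
        if event == "login":
            mapping[ip] = (user, ts)  # the newest login wins for that address
        elif event == "logout" and honor_logout and mapping.get(ip, (None,))[0] == user:
            del mapping[ip]  # a parsed logout clears the mapping immediately
    return mapping

def resolve(lines, ip, at, timeout_minutes, honor_logout=True):
    """Replay `lines`, then resolve `ip` as of time string `at`; mappings older than the timeout are expired."""
    now = datetime.strptime(at, "%Y-%m-%d %H:%M:%S")
    entry = build_mapping(lines, honor_logout).get(ip)
    if entry is None or now - entry[1] > timedelta(minutes=timeout_minutes):
        return None
    return entry[0]
```

Feeding only the teacher's login (the wireless case where nothing else reaches the firewall) resolves the address to teacher1 at 08:50 with a 60-minute timeout, but to nobody with a 30-minute one; feeding all three lines resolves it to student7.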
