My name is Paul Mathew and I am working as a Network Engineer at American School of Dubai, in UAE. Our environment is 99% Mac and iOS devices, and some of you are aware of the Mobile Account concept on the Mac. Let me explain it briefly. A mobile account means that when we log in to a Mac as a network user, we create the mobile account so that the user can log in to the device even though the network is unavailable, and it acts like a local account.

In our campus we have Aruba wireless infrastructure, and for students and staff the WiFi authentication is 802.1X using Windows RADIUS. Because of this setup there is no network connectivity when they log in to the machines. Since we create the mobile account, they are able to log in to the machine even though the network is unavailable, and therefore there is no authentication happening in AD (Active Directory).

Since there is no authentication, we cannot resolve the source user on PAN, and we don't have any Exchange server as everything is on Google. Is there any chance we can get the source user details from the RADIUS server, since all the users are authenticated against RADIUS for 802.1X? Please help us to solve this issue other than with Captive Portal.
Following are the available User-ID methods:
The following Doc talks about Radius (Cisco ACS) and User-ID integration in the environments using 802.1x devices and wireless access points and controllers.
A script can be configured to run on the Syslog server that will extract the user and IP information from the message, format it correctly for the UID-API, and then send it to the API agent.
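A sketch of the kind of script the reply above describes, added here as an example and not code from the thread or from Palo Alto Networks. The syslog line layout and all function names are assumptions (RADIUS accounting formats vary by server); the output is a User-ID XML API `uid-message` login update, and delivery to the agent is left out.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample lines; adapt FIELD to your RADIUS server's real format.
SAMPLE_LOGS = [
    'Jan 10 08:01:02 radius1 acct: Acct-Status-Type=Start User-Name=EXAMPLE\\jsmith Framed-IP-Address=10.20.30.41',
    'Jan 10 08:01:05 radius1 acct: Acct-Status-Type=Start User-Name=mlee@example.org Framed-IP-Address=10.20.30.42',
    'Jan 10 08:01:09 radius1 acct: Acct-Status-Type=Start User-Name=bad"/><x Framed-IP-Address=10.20.30.43',
    'Jan 10 08:01:11 radius1 acct: Acct-Status-Type=Start User-Name=EXAMPLE\\kdoe Framed-IP-Address=999.1.1.1',
    'Jan 10 08:02:00 radius1 acct: Acct-Status-Type=Stop User-Name=EXAMPLE\\jsmith Framed-IP-Address=10.20.30.41',
]

FIELD = re.compile(r'(Acct-Status-Type|User-Name|Framed-IP-Address)=(\S+)')
# Allow-list for usernames: log content is untrusted input to the mapping.
USER_OK = re.compile(r'[A-Za-z0-9._\\@-]{1,128}')

def parse_line(line):
    """Return (user, ip) for a valid accounting Start record, else None."""
    fields = dict(FIELD.findall(line))
    if fields.get("Acct-Status-Type") != "Start":
        return None
    user = fields.get("User-Name", "")
    ip = fields.get("Framed-IP-Address", "")
    if not USER_OK.fullmatch(user):
        return None
    try:
        ipaddress.ip_address(ip)  # rejects malformed addresses
    except ValueError:
        return None
    return user, ip

def collect_mappings(lines):
    return [m for m in map(parse_line, lines) if m]

def build_uid_message(mappings, timeout_min=60):
    """Build a User-ID XML API login update; ElementTree escapes attributes."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    login = ET.SubElement(ET.SubElement(root, "payload"), "login")
    for user, ip in mappings:
        ET.SubElement(login, "entry", name=user, ip=ip, timeout=str(timeout_min))
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(build_uid_message(collect_mappings(SAMPLE_LOGS)))
```

Rejecting records that fail the username or IP check keeps a crafted log line from creating an arbitrary user-to-IP mapping, which matters because firewall policy is enforced on those mappings.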
I tried the XML API and it worked, and now I am able to get all the names resolved on the User-ID Agent. What we did is dump all the logs to a Linux box, and from there it pushes everything to the User-ID Agent. Now the issue is that in PA we configured User Identification through port TCP 5007, but it's not connecting to the server where the User-ID Agent is installed. Because of this it cannot resolve the source users in PA. I hope somebody can help me with this.
The firewall uses the Management interface to connect to the Agent server by default.
Can you reach the Agent server from the firewall?
>ping host <IP of the Agent srvr>
Check if the Agent is listening on the port configured.
>netstat -an | findstr "5007"