04-04-2014 05:04 PM
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
04-08-2014 02:10 AM - edited 04-08-2014 02:17 AM
I think you're asking if you can set administrative logins into Clearpass to be authenticated via an external TACACs server correct?
If so, no I don't believe there's a way to do that (unless one of the other guys knows differently).
What you could try, is validating administrative connections into Clearpass via a RADIUS proxy. Cisco ACS (if that's what you're using) acts as a standard RADIUS too (unless you've turned it off), so that might work. Never tried it. If I was going to, I'd...
Setup a proxy...
Configuration > Network > Proxy Target
Then define a service that uses the proxy, but otherwise looks like the "Policy Manager Admin Network Login Service" service.
This might break it if it didn't work, so try it in a lab first.