10-27-2016 03:27 AM
ClearPass can apparently use variables in x.509 certs, presented by clients within EAP-TLS auth, to change the role which is applied to individual clients. How do I find out more about how ClearPass is configured to do this? Also; how do I find out how these cert variables might be manipulated, when the certs themselves are generated by CP OnBoard? E.g. I want an OB user, approved by one Sponsor, to obtain different network access rights to a second OB user, approved by a different Sponsor...
10-28-2016 05:25 AM
Er... I think I may have found my own answer here, via this post: https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-add-custom-attributes-to-the-Client-Certificate-during/ta-p/260778
Anyone confirm that I'm on the right track..?