>Access tracker logs are not available via the API. Regarding your >endpoint question, yes you can add any information that you like to an >endpoint via the REST API.
That's a shame, and yes I know you can ad stuff, I'm doing it now.What about insight, can we query that to get the client mac address from the CN used in an auth ?
>I'm struggling to understand the overall goal here. Why not just use the >external database as an authorization source instead of having static >data in two places?
Because we're trying to get clearpass as independent of 3rd party "stuff" as possible. We use 3rd party auth sources at the moment. A few months ago we had an issue with an external db that failed and caused clearpass to block auth requests and send back access-rejects. Just making sure that it doesn't happen again.
We have an IPAM system that's going to use the API interface to assign numeric vlan numbers to specific mac addresses ( local attribnute UoY_VLAN, which we then send back in access-accept packet) and I'm trying to populate some other locally defined attributes to implement a very very basic asset system ( Basically when someone configures a device to use eap-tls, information display, door entry system etc we want the endpoints db to have locall attributes to say somethig of the form " This cert was installed on this mac address and its in this building on this floor in this room").
The onboard system only has access to the client mac address if you use their installation app. If you use a .mobileconfig file ( which we do for macos/ios) then we don;t have the mac address. I'm therefore trying to jump through hoops to get hold of the client mac address by other means. Thought I could use the API to get hold of info from clearpasss
bit of a lengthy topic to discuss in a post