11-09-2015 09:01 AM
Can I configure clearpass mactrac with one group of users accessing different mactrac pages.
Is this supported?
I am trying to configure this requirement but seems like clearpass does not support this.
11-09-2015 09:04 AM
For example, these 3 usernames (although same user), can take the user to different pages using
11-09-2015 09:12 AM
11-09-2015 09:31 AM
Authentication:Full-Username ENDS_WITH @mactrac1
Enforcement: Operator Profile: MACTrac1
Be sure to enable realm stripping in the service.
11-09-2015 09:39 AM - edited 11-09-2015 10:02 AM
Clearpass mactrac fail because its the role that control the logic, not the mactrac page.
I hope clearpass developer see this post and reverse the logic or offer an alternative way on the control of the mactrac logic.
I can send multiple roles but it should be the page who will filter which role it will allow or not.
If I send single role, its the first role hit in the enforcement that will be applied..thus the logic fail if same user want to access page 2.
11-09-2015 09:46 AM - edited 11-09-2015 09:46 AM
You need to have an enforcement profile for each operator role.
You create a rule for each realm suffix and map them to an operator role.
So if I use email@example.com as my username, I get the "STUDENT" operator profile in CPG