06-02-2015 02:37 AM
Here's a question for you:-
I needed to link our clearpass service into an existing quarantine solution used by our FreeRadius service. I did this by having a separate MySQL mac_address table with a field that identifies whether a device is quarantined or not and creating an authentication source that does "select count(*) from .... where <mac address is quarantined>"
This returns a 0 if not quarantined and 1 if quarantined. I then use this to set a Quarantine role which is used in my enforcement policy.
Problem is that there is a default caching policy of 10 hours on a generic SQL auth source ... 10 HOURS!
Why 10 hours? That's hell of a long time. I know you can change it for a given auth source object, but a cursory glance at the default makes you think its 3600 seconds i.e. an hour
06-02-2015 02:52 AM