07-11-2016 08:21 AM
I'm currently trying to send accounting info to our firewall including the filter-id option for group assignment, but the format it is using is causing me issues. If i put a fixed text string in everything works fine, but as soon as it returns multiple groups dynamically it fails.
As a workaround solution i was wondering if i could assign a clearpass variable, specifically 'Aruba-user-role' into the filter-id as i know this will only assign one string and should be a viable alternative.
07-14-2016 08:39 AM
Well it turns out thats a No. I've tried various solutions over the past few days including writing custom attributes into the end point database, but for some reason accounting does not seem to be able to read any attributes other than those pulled from AD, even the ones in the list of choices under filter-ID. packet captures show they are either sent through blank or invalid.
Putting a custom attribute in AD seems to be a workable solution to my problem.