All,
I'm working with a client that has a unique VPN requirement. We have a ClearPass OnGuard install that utilizes the unified VIA VPN client and performs posture checking.
We're going to set up a system that ties the rights and privileges of a VIA user role to a specific AD group. This part is pretty straightforward to set up. The question they had is, if a user is in multiple groups, can they have the rights of those multiple roles?
The way that I am thinking of doing this would be:
1. Come up with the restrictions for group #1 and create an Aruba user role #1
2. Come up with the restrictions for group #2 and create an Aruba user role #2
3. Design an Aruba user role #3 and only pass that from ClearPass if a user has group membership in group #1 AND group #2
Do you think this is the best way to do this? I'd definitely appreciate if there's a way to stack Aruba user role #1 + #2 at the same time, but I'm not holding my breath.
Thanks!
-Mike