Hi All
I have Clearpass 6.7 that is authenticating some users connecting to a VPN solution. I have a small subset of users that require different roles to be assigned so I have added them to the local user repository and added this as an authorization source. I have added a couple of attributes for the users that I use in role mapping, the role mapping policy checks if the account is enabled, checks for the existence of the attribute, and maps the relevant role. Everything works as expected except when I change something, for example if I disable the account and then reconnect, this is not reflected in the role mapping for some time, it's as if it is being cached. I saw the same thing with AD group membership, if a user is added to a group it takes a while for this to be reflected in role mapping, even though I can see they are a member of the group looking at the AD authentication source.
I don't have the "Use cached Roles and Posture attributes from previous sessions" ticked on my enforcement policy and I've tried setting the "policy result cache timeout" to 0.
Any help would be appreciated.
Thanks
Dave