Hello,
Here is the situation.
I want to send, in one way or another, the equivalent of my "Radius:Aruba:Aruba-User-Role" through the accounting proxy on my Fortigate.
The problem is, I cannot use an added Class Attribute sent to my IAP because Clearpass already sends a "built-in" class attribute, and when it receives it back it breaks the optional accounting proxy service and we also lose the accounting tab in the access tracker.
The attribute Filter-ID, when added as a RADIUS attribute and sent through the IAP, is not sent back as accounting to the Clearpass.
Another problem is that I want to use Clearpass to enable dot1x on my Brocade switches too. The FilterID is used to push the ACL number to apply on the authenticated port, so I would have to use the broken Class Attribute. (Fortigate can only use 1 Specific Attribute to attach the User Group, so it's either Class or Filter ID.)
Adding an attribute directly through the "Accounting proxy" tab of the service is possible, but I don't know how to send the variable which will equal the "Radius:Aruba:Aruba-User-Role".
The Technote suggests sending "%{Tips:Role}"; unfortunately, I do not have a single role. I use multiple {Tips:Role} to build a more specific Enforcement Profile which contains the group I want to send.
I don't know how I could effectively work this issue.