Hi,
I have a MAC Caching service that authenticates against AD, looks up a group and maps to a role. gsStaff to [Staff]
I then have an enforcement policy that matches the [Staff] role, updates the endpoint as known, sends a CoA and a custom post authentication profile that adds the authentication username and the roles that were matched to the endpoint attributes.
Type=Endpoint, Name=Username, Value=%{Authentication:Username}
Type=Endpoint, Name=ADtoClearpassRoles, Value=%{Tips:Role}
The issue I'm having is that when modifying the MAC Authentication service mapping rules, I attempt to select Type=Endpoint, Name=ADtoClearpassRoles EQUALS but the value is blank and no drop-down for the roles within the endpoint attributes is selectable.
In essence I'd like to place MAC Authenticated devices into particular VLANs based on the AD groups of whoever originally authenticated the device. I'm not too sure if I'm going down the right track.
Can someone point me in the right direction please?
Cheers
Shaun