Hi guys,
today I ran into a problem with authenticating Apple Mac OS X clients via 802.1X. The initial plan was to handle the Macs like Windows machines and authenticate them via computer authentication against the AD. After some googling I found out that there is no option to do a computer authentication on Macs, even if they were in the domain.
So I decided to profile them and authenticate the user instead of the machine. What I want to do is the following:
Role Mapping 1:
if user auth (Authorization:Domain - memberof) and Apple Mac (Authorization:EndpointDB - OS Family) -> AppleMac
Enforcement:
if AppleMac -> VLAN xzy
I can see in access tracker that the user auth is working against the AD but the second condition (Endpoint DB) is failing.
I also tried to separate the two authorization sources into two different role mappings and combine them in the enforcement - this fails also.
Does anyone have any clue why? Is there any problem with my config?
Maybe someone can give me a hint to reach my goal in a better way?!
Thanks in advance
All the clients are profiled via DHCP fingerprint and the Endpoint