Security

 View Only
last person joined: 22 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Need some direction on CPPM - Domain Joined PC and Auth User

This thread has been viewed 8 times
  • 1.  Need some direction on CPPM - Domain Joined PC and Auth User

    Posted Jul 27, 2022 08:27 AM
    I am trying to build clearpass roles which distinguish when a user has logged onto a domain join PC or there own device

    Something also the lines of

    AD Account + Domain Join PC = Role_Trust
    AD Account + non-domain joined PC = Role_untrust

    Is this possible and how would I go about it,
    The domain joined PC will be on the network and so will have

    Domain Join PC = Role_DomainPC

    I assume that the machine will auth based on the OU with the computers in, but when the user logs on, this doesnt include the information about the PC domain status.

    Thanks


  • 2.  RE: Need some direction on CPPM - Domain Joined PC and Auth User

    Posted Jul 27, 2022 09:02 AM
    TIPS:Role:Matches_All: [Machine Authenticated] [User Authenticated] = Role_Trust
    TIPS:Role:Equals: [User Authenticated] = Role_untrust
    TIPS:Role:Equals: [Machine Authenticated] = Role_DomainPC

    Configure your Windows supplicant for Machine or User Authentication.  Or better yet, use TEAP.