Security

Hello's, and excuse the lengthy email :smileyfrustrated:

I have an interesting scenario.

I have a controller SSID whose login page is ClearPass. Users authenticate to this splash page using their AD credentials. I also have Mac-Caching enabled which allows users sessions who have authenticated once to stay "alive" for the duration of the Mac-Caching settings.

We are also using ClearPass Guest and we allow our users to register their AppleTv devices and share them to their colleagues using their colleages AD credentials. Everything works initially; The controller can share the Apple tv to the correct usrs by using their AD user names which were provided when the device was registerd in ClearPass.  The issue it seems arises when Mac-caching kicks in.

From what I've been able to gather, when an AppleTv is first shared it is shared to the AD cred's and this info is published to the controller and managed by Airgroup. Once Mac Caching kicks in, the user is no longer known by the controller by his AD user name but by a mac-address. In Clearpass, the Atv is shared to AD user accounts, and on the controller AirGroup knows the ATv is shared to the AD user name and therefore once Mac-Caching kicks in the users lose access to the AppleTv. Has anyone else run into this? Any ideas?

Thanks much for your time,

Sky

You need to return the username to the controller in your MAC-auth service.

I thought I posted these a while back but I will post them again. All you need to do is import these into your enforcement profiles.  :)

Password: aruba123

Attachment(s)

ReturnAttributesEnforcementProfile.zip   691 B 1 version

Troy,

Thanks for the uploads. They augmented the solution well.

thanks again,

Sky

Tim,

Thanks much for your quick response.

This worked.

thanks again,

Sky