Current Setup:
1) I do not have AD as authentication source, only local DB.
2) CA, Machine and Client certificates have been generated by the CA and installed in the client.
3) AD credentials have been exported into the ClearPass local DB with the department attribute.
4) The default local DB only grabs the role_name and enable/disable; therefore I have created another SQL query (copied from somewhere in this forum) to grab the department attribute.
Questions:
1) Am I right to untick authorization in TLS for Machine Auth since I do not have access to the AD and I have nothing to check against?
2) I can't get the department attribute for User Auth. Is it because I have unticked authorization in TLS?
3) Do I need to tick authorization in TLS for User_Auth so that it will check against the local DB and get the attribute for role mapping?
Generally what I want to achieve is to have both machine and user authentication as well as to grab the department attribute from the local DB. How can it be done?