Thanks for the tip! Unfortuantely, it didn't work. I'm guessing my syntax might be to blame? This Clearpass is version 3.9.7.
Basically, I was using the basic MAC Cache option in the role yes.
I tried turning off the mac cache feature (in the role), and leveraging the following expression as a standard RADIUS attribute Tmp-String-0.
The goal of the expression is to link to a role ID of 7, limit the maximum client devices to 1, and increase the cached device lifecycle by 1 hour.
If anybody can see what's wrong with it, I'd be glad to know? Thanks...
return
(
($MAX_MAC_ACCOUNTS = 1)
&& (NwaRadiusLocalServer()->GetUserCount(array(
'sponsor_name' => strtolower(GetAttr('User-Name')),
'delete_time' => 0,
'mac_auth' => 1)
) >= $MAX_MAC_ACCOUNTS)
? (AccessReject() && 0) : 1
)
&& empty($user['mac_auth'])
&& NwaDynamicLoad('NwaCreateUser')
&& NwaDynamicLoad('NwaNormalizeMacAddress')
&& ($mac=NwaNormalizeMacAddress(GetAttr('Calling-Station-Id')))
&& ((!empty($user['id'])
&& NwaCreateUser(array(
'creator_accept_terms'=>1,
'mac'=>$mac,
'mac_auth'=>1,
'role_id'=>7,
'visitor_name'=>$user['username'],
'mac_auth_pair'=>$user['id'],
'modify_expire_time'=>'1h',
'auto_update_account'=>1)))
|| (empty($user['id']) && NwaCreateUser(array(
'creator_accept_terms'=>1,
'mac'=>$mac,
'mac_auth'=>1,
'role_id'=>7,
'visitor_name'=>$user['username'],
'sponsor_name'=>strtolower(GetAttr('User-Name')),
'modify_expire_time'=>'1h',
'do_expire'=>4,
'auto_update_account'=>1)))
)
&& 0;