Hi,
Given that we have applied 802.1x on the wired network, there are issues with devices that do not support it.
As we are a university, we have many different types of users (administrative staff, researchers, students, etc.) and even more weird devices.
My idea of a flow for onboarding is:
- User connects the device to wired network.
- Device will be redirected to guest registration, but this will have no effect, as it's a headless device. A DHCP packet is forwarded to ClearPass, hence it is now profiled.
- User logs into a self-service page I will develop. User can look up the MAC address and take ownership of the specific device.
- When the device is reconnected, it will MAC auth and be placed in a VLAN dedicated to this kind of device.
Steps 1-3 are no problem, but I have a problem in step 4.
My plan is in step 3 to add the attribute "Owner" to the device, and enter the username of the person who has taken ownership of the device.
What I need now is to configure ClearPass to do MAC auth and use the device attribute "owner" to look up in AD to see if that user exists. If I can also check if the user is active and not disabled in AD, it would be great, but not necessary.
Does anyone have some sort of input on how to achieve this?
Br,
Thomas
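
The step 4 check described in the post above, sketched as an added example (not part of the original post, and not ClearPass configuration or its API): an LDAP filter that matches the owner only when the AD account exists and is not disabled, plus the same decision applied to constructed data. The endpoint dictionary shape, the role names `registration` and `headless-device`, and the in-memory directory are assumptions for illustration.

```python
# Added example: constructed data only, no live directory or ClearPass involved.
ACCOUNTDISABLE = 0x0002                  # userAccountControl flag: account disabled
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule OID

# RFC 4515 escapes; the owner value originates from a self-service page,
# so it must never be placed into a filter unescaped.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for safe use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def owner_filter(owner):
    """Filter that matches only an existing, enabled user with this login name."""
    return (
        "(&(objectCategory=person)(objectClass=user)"
        "(sAMAccountName={})"
        "(!(userAccountControl:{}:={})))"
    ).format(escape_filter_value(owner), BIT_AND_RULE, ACCOUNTDISABLE)


def decide(endpoint, directory):
    """Return (role, reason) for a MAC-auth request.

    endpoint:  dict of endpoint attributes (hypothetical shape).
    directory: dict of lowercase sAMAccountName -> userAccountControl,
               standing in for the AD lookup.
    """
    owner = (endpoint.get("Owner") or "").strip()
    if not owner:
        return ("registration", "no owner claimed")
    uac = directory.get(owner.lower())
    if uac is None:
        return ("registration", "owner not found in directory")
    if uac & ACCOUNTDISABLE:
        return ("registration", "owner account disabled")
    return ("headless-device", "owner active")


# Constructed sample directory: 512 = normal enabled account, 514 = disabled.
SAMPLE_DIRECTORY = {"jdoe": 512, "asmith": 514}
```

Because the filter itself excludes disabled accounts, a single directory query answers both "does the owner exist" and "is the owner active"; an empty result means the device stays in the registration role.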