Clear Pass currently is functioning as the AAA service for the other three property entities. This is a resort with four different hotel entities all within one property. We have all three entities joined to CPPM and we are using their AD servers for authentication queries. This one particular entity will not allow us to join CPPM to their domain but will allow us to add their NPS server to the controller as a RADIUS server.
What I am trying to accomplish is to have one hotel_admin SSID throughout the entire resort where no matter if you are an employee of entity 1, 2, 3 or 4 you get a role based on the entity you are employed by. The property has alot of share spaces so entity 1 employees for instance might have to go over to entity 2's facility for meetings, etc...
I am performing role mapping with role enforcement on Clear Pass and it is working well for entities 1-3. Now I just need to figure out how to accomodate entity 4. I thought if I added their NPS server to the server group in the controller which has Clear Pass already and use an Aruba-User-Role atttribute to do role assigment through a derivation rule that this might work.
Any other options to achieve what I want to do? Could I add their AD server as an authentication source in Clear Pass without joining CPPM to their domain?