@Willem Bargeman wrote:
When your are 802.1x I don't see the reason why you are using SHL. With 802.1x you can do the authorizated based on the LDAP information.
A alternative solution for SHL is using the Endpoint database. You can create additionals attributes in the endpoint database and use this during authorization and use this during the role mapping / enforcement.
Can you elaborate a bit on what you mean by LDAP information?
How I have it working now is machines need to match two sets of criteria. Both the SHL and Active Directory machine authentication to get put in the machine auth role. I want to keep is that way.
Are you saying I can migrate all my MAC's to the endpoint database and use that as one of the criteria in my 802.1x enforcement policy?