TACACS Populate Attribute Values from CPPM Roles

  • 1.  TACACS Populate Attribute Values from CPPM Roles

    Posted Nov 25, 2019 07:28 PM

    I am trying to get TACACS+ authorization working for an A10 Load Balancer on ClearPass (6.8) where it would reply with a list of the user's authorized A10 L3V Partitions. The A10 documentation states that the TACACS reply should include all of the L3V Partitions that the user is authorized for in the following format: a10-partition=partition1,partition2,partition3

    I have created a custom TACACS service dictionary with the required attributes (including this one), and a role mapping policy that will assign CPPM roles for the various L3V Partitions that the user is authorized for according to Active Directory group membership; however, I can't figure out a way to translate this to an enforcement policy that would send back the appropriate list of authorized a10-partitions in the TACACS enforcement profile.

    Is there a way to translate CPPM roles to attribute values? For instance, something like a10-partition=%{Tips-Role-1},%{Tips-Role-2},%{Tips-Role-3}. Is there any other way to dynamically populate TACACS values for a particular attribute? Open to any/all ideas...