Upcoming community maintenance Oct. 27th through Oct. 29th
For more info click here
Contributor II

Re: Web/MAC auth tied to specific auth source and AP-group.

Not looking like it, unfortunately. The DB is a mix of our library patrons, city library patrons, and then external schools. The data is aggregated and inserted into the MSSQL DB in such a way that the username portion of the table matches what each organization traditionally uses for a username. One is 12 digits, the other is 9 alphanumeric, and the last is mostly email addresses that follow the particular schools format (some are first initial last name, some are first name dot last name, etc).


Was hoping that keeping them contained to a single DB would be enough. What were you thinking? I might be able to split them up into seperate tables if necessary.


End game is having people in this DB be able to initiate auth against two specific AP-Groups and then MAC-auth for up to 4 hours at which point they'll need to punch their credentials in.

Frequent Contributor II

Re: Web/MAC auth tied to specific auth source and AP-group.

If you want only for them to authenticate on certain ap-a but have access all over campus after that should use different services for the different ap groups. Unless you customize insight you will notice that every authentication will start the mins since auth over.

Since you have more than one group of users I would create another authentication source to same database in Clearpass hopefully you can use a more specific query to get only the users you want.

If you want the users just to do the very first login in a certain ap group then just modify ur enforcement profile to say endpoint:username not exist and ap-group equals rented spaces and authentication source equals SQL then deny / drop request. Once there is a username attribute then rule will no longer be hit.
(Only need one group of services for this)
Search Airheads
Showing results for 
Search instead for 
Did you mean: