Hi Alon
I think you need to change to check for status Known instead of known, as it's case sensitive. Another option is to change the condition to EQUALS_IGNORE_CASE.
------------------------------
Best Regards
Jonas Hammarbäck
ACCX #1335, ACMP, ACDP, ACNSP, ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Dec 08, 2022 06:03 AM
From: Alon Haber
Subject: Dot1x + Known MAC authentication
Hi,
Thank you for replying.
My problem is not with the ITuser.
It is with the PRINTERuser.
From the perspective of a member of "Printers group" - I have no problem,
but when I add the Endpoint status = known - I have a problem and it does not match rule #2 (here in the picture above).
Maybe I have related to the wrong parameter in here:
------------------------------
Best regards,
Alon Haber
Original Message:
Sent: Dec 07, 2022 02:19 PM
From: marcel koedijk
Subject: Dot1x + Known MAC authentication
Hi Alon,
Maybe you can give some more information. Check whether the access-tracker authorization attributes contain memberof "IT".
------------------------------
Marcel Koedijk | MVP Expert 2022 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
Original Message:
Sent: Dec 07, 2022 11:02 AM
From: Alon Haber
Subject: Dot1x + Known MAC authentication
Hi,
I have installed a ClearPass cluster and want to make a service that checks if a username in the AD is a member of "Printers group" + its MAC address has to be "known" in order to authenticate it.
Here is my enforcement for that service (rule #2):
The "PRINTERuser" is a role in a role mapping attached to this service.
I have checked - and it worked fine only with the PRINTERuser - which means the problem can't be there.
Here is the role mapping attached as well:
Am I missing something?
Any ideas?
------------------------------
Best regards,
Alon Haber
------------------------------