Dell PowerConnect W Clearpass 100 Software Auto Create MAC Auth Account (Authe - Page 13

NOTE NOTE The role_id value in this expression will need to match the Role ID of the RADIUS Role created in the previous step (role_id of 5 in this example). In cases where you want the role to be the same as the original, you can use $user['role_id'] in lieu of the numeric value. This conditional expression assumes that the MAC Authentication Profile configured in the Aruba Controller has the Delimiter set to dash and the Case to upper. Figure 4. Suggested MAC Authentication Profile in ArubaOS configuration. NOTE NOTE The logic is setup to populate the visitor_name field of the MAC Authentication account with the name of the user that authenticated during the authorization phase of this process. Depending on whether you are using the local Amigopod Guest Manager database or an external Active Directory database the $user attribute will have to be modified. For local Amigopod database accounts the value should be $user['username'] and for Active Directory it should be $user['displayname']. The sample code used is designed to create the MAC Authentication account and have it expire automatically at 5pm of the same day the user first authenticates via the Captive Portal process. The expiry time is set via the modify_expire_time attribute and should be customized to suit the deployment requirements at each site. Other common values include '24h' for 24 hours from the current time, 'this Friday 18:00' for the end of the current week at 6pm. On expiry of the account, the RADIUS MAC authenticated session will be disconnected using RFC3576 and the account will be deleted. This configuration is triggered through the attribute do_expire. For more information on these Guest Manager attributes please refer to the Amigopod Deployment Guide. Amigopod |Technical Note Auto Create MAC Account|13