Trying to setup role mapping based on hostname- help

mauriceben_
Occasional Contributor

Hi guys,

I'm trying to set up a role mapping rule based on a custom expression to get either the hostname of the machine connecting to our VPN on our SA6500 or the MAC of the device connecting.

I used the policy tracing to find out that there's a variable that contains the MAC, but I can't seem to be able to use it in an expression...

Variable callingStationId = "xx-xx-xx-xx-xx-xx"

I don't see that variable listed when I'm trying to create a custom expression...

Any of you guys have an idea how this could be done?

Thanks

3 REPLIES

kalagesan_
Super Contributor

Re: Trying to setup role mapping based on hostname- help

Hi Maurice Ben,

I understand your requirement. I hope you are using RADIUS as the authentication and accounting server in your testing.

If you are using a RADIUS server, you can use role mapping based on user attribute instead of custom expressions, since the user attributes list for a RADIUS server will list all standard RADIUS attributes including Calling-Station-ID, Called-Station-ID, etc.

You can make the role mapping based on user attribute and use the Calling-Station-ID attribute; you can use either the complete MAC address or part of the MAC address with the wildcard * if you need to allow a set of MAC addresses having similar values in the MAC address.

Hope this helps.

Note: If I have answered your questions, you could mark this post as the accepted solution; that way it could help others as well. Kudos will be a bonus, thanks!

Regards,
Kannan

mauriceben_
Occasional Contributor

Re: Trying to setup role mapping based on hostname- help

Hi Kannan,

Thanks for your answer, but I'm using an LDAP auth server setup...

I can see the user attributes when setting up a RADIUS auth server, but right now I'm not using this...

Do you know if there's a way to do this using an LDAP auth server?

Thanks.

Luc

kalagesan_
Super Contributor

Re: Trying to setup role mapping based on hostname- help

Hi Luc,

I don't think an LDAP server can support "Calling-Station-ID". You need to use a RADIUS server as the authentication server, since "Calling-Station-ID" is a RADIUS attribute and it is not an LDAP attribute.

Regards,
Kannan