Hi All,
Not sure how many of you use Clearpass and JAMF but I have been able to modify the script provided by clearpass to collect the rotating MAC address of the device so that clearpass will recognise it and be able to assign a policy for the device without having to turn the rotating MAC address off.
The script is below, all you need to do is update the cppm-all-mac-addresses extention attribute script with the one below….
#!/bin/bash
wifi_interface=$(networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/ {getline; print $2}')
rotating=`ifconfig $wifi_interface | grep ether | cut -d ' ' -f2`
result=`/usr/sbin/networksetup -listallhardwareports | /usr/bin/awk '/Ethernet Address/ {printf "%s%s",sep,$3; sep="|"} END {print ""}'`
echo "<result>$result|$rotating</result>"
a few things to note…
- This will only work for MacOS devices and not iOS
- Depending on what time the machine checks in and the clearpass does a JAMF update (every 30 mins) it can take some time to get the updated information
I think you can make this more of a live sync using Skyhook however we dont use this and given the mac address rotates every 14 days it shouldnt cause to many issues.
Anyway this was our solution to without having to disable the rotating address.
cheers
