
Hi All,

Not sure how many of you use Clearpass and JAMF but I have been able to modify the script provided by clearpass to collect the rotating MAC address of the device so that clearpass will recognise it and be able to assign a policy for the device without having to turn the rotating MAC address off.

 

The script is below; all you need to do is update the cppm-all-mac-addresses extension attribute script with the one below…

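#!/bin/bash

# Device name of the Wi-Fi hardware port (e.g. en0)
wifi_interface=$(networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/ {getline; print $2}')
# MAC address currently in use on the Wi-Fi interface (the rotating address)
rotating=$(ifconfig "$wifi_interface" | grep ether | cut -d ' ' -f2)

# Hardware MAC addresses of all ports, separated by "|"
result=$(/usr/sbin/networksetup -listallhardwareports | /usr/bin/awk '/Ethernet Address/ {printf "%s%s",sep,$3; sep="|"} END {print ""}')

echo "<result>$result|$rotating</result>"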

A few things to note…

  • This will only work for macOS devices and not iOS
  • Depending on what time the machine checks in and the clearpass does a JAMF update (every 30 mins), it can take some time to get the updated information

I think you can make this more of a live sync using Skyhook; however, we don't use this, and given the MAC address rotates every 14 days it shouldn't cause too many issues.

Anyway, this was our solution without having to disable the rotating address.

Cheers
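Added example (not part of the original post, and not ClearPass or Jamf code): a small check for the value the extension attribute above reports. It splits the `<result>a|b|c</result>` string, drops empty fields (no Wi-Fi interface found) and duplicates (rotation off, so the Wi-Fi MAC is listed twice), and labels each address by its locally administered bit, which private Wi-Fi addresses have set. The function names and sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the MACs in a cppm-all-mac-addresses value.
# Function names and the sample value are constructed, not from the post.

# "private" if the locally administered bit (0x02 of the first octet) is
# set, as it is for randomised/rotating Wi-Fi addresses; else "hardware".
mac_kind() {
  if [ $(( 0x${1%%:*} & 2 )) -ne 0 ]; then echo private; else echo hardware; fi
}

# Print one "mac kind" line per unique, well-formed address in the value.
# The body runs in a subshell so the IFS and globbing changes stay local.
classify_macs() (
  value=${1#"<result>"}
  value=${value%"</result>"}
  value=$(printf '%s' "$value" | tr 'A-F' 'a-f')   # normalise case
  seen="|"
  IFS='|'; set -f
  for mac in $value; do
    # Skip empty or malformed fields, e.g. when no Wi-Fi interface exists.
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || continue
    # Skip duplicates: with rotation off the Wi-Fi MAC appears twice.
    case $seen in *"|$mac|"*) continue ;; esac
    seen="$seen$mac|"
    echo "$mac $(mac_kind "$mac")"
  done
)

# Constructed sample: two hardware ports plus one rotating Wi-Fi address.
sample='<result>A4:83:E7:12:34:56|a4:83:e7:12:34:57|6e:1f:0b:9a:c2:d4</result>'
classify_macs "$sample"
```

If an endpoint reports no "private" entry, the device either has rotation disabled for that network or has no Wi-Fi interface, so only the hardware addresses are available for policy matching.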

 

 

@nexus0000 If Clearpass is only being applied to your internal network is there a specific reason that you don’t want to turn off MAC address randomization in your Wi-Fi Network configuration for it?


Thanks for sharing @nexus0000 - that’s worth a try! We had similar issues with Clearpass and have disabled MAC address randomisation in the config profile for our internal Wi-Fi network. Other networks still have randomisation enabled.