I'm prototyping a NAC setup which has to cater for Macintosh clients as well as Windows. I can get the Macs to authenticate via 802.1x (surprisingly easy using the built in software!) but what I can't do is setup a Posture Validation Rule to identify that the client is a Mac and not a Windows machine. I've tried using the Cisco:PA:OS-Version condition set specifying "contains" MAC. I've also tried "contains" 10 but it doesn't work. I think it probably doesn't work as the condition set depends on the CTA being installed on the Mac which it isn't (and it's not an option either).
EDIT: Anyone tried installing the CTA on a MAC? It's horrific. Extract the files and run the install, OK so far. It then puts the config ini file in a directory no user (not even Admins) has permissions to so you can't modify it and BOY do you need to modify it!