Management user in Aruba controller not receiving correct privilege level via TACACS authentication


Problem:

Management user in Aruba controller not receiving correct privilege level via TACACS authentication



Diagnostics:

The management user does not receive the appropriate role/privilege when authenticating against ClearPass using TACACS.

 

From the controller CLI, when we check the privilege level for user: test, we see that root access is provided. The ClearPass Access Tracker log, however, shows that read-only access is returned.

 

 

From the pcap, we see that authentication is successful, but we do not see any TACACS authorization request from the Aruba controller asking for the appropriate privilege level for the management user: test.

To enable TACACS authorization for the TACACS server on the controller, navigate to Security > Authentication > Servers. Under TACACS server, select the server configured for TACACS authentication and enable "Session Authorization".

 

From the pcap, we can now see that a TACACS authorization request is sent from the Aruba controller and that ClearPass returns the appropriate privilege level for the management user: test.

 

From the controller CLI, we can now see user: test getting the correct privilege level: read-only.
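The pcap check used above can be scripted by reading the TACACS+ packet headers, which stay in the clear even when the body is obfuscated. The following is an added example, not part of the original article or of any Aruba or ClearPass tooling; it assumes the TCP/49 streams have already been reassembled into byte strings, and the function names and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

# TACACS+ header (RFC 8907): 12 bytes, always sent in the clear even when
# the body is obfuscated with the shared key.
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}

def parse_headers(stream: bytes):
    """Walk one reassembled TCP/49 byte stream and yield each packet header."""
    offset = 0
    while offset + HEADER.size <= len(stream):
        version, ptype, seq, flags, session_id, length = HEADER.unpack_from(stream, offset)
        if version >> 4 != 0xC or ptype not in TYPES:
            raise ValueError(f"not a TACACS+ header at offset {offset}")
        yield {"type": TYPES[ptype], "seq": seq, "session": session_id, "len": length}
        offset += HEADER.size + length  # skip the (obfuscated) body

def audit(streams):
    """Count packets per type and flag the symptom from the article:
    logins are seen but no authorization exchange ever follows."""
    counts = Counter(h["type"] for s in streams for h in parse_headers(s))
    login_only = counts["authentication"] > 0 and counts["authorization"] == 0
    return counts, login_only

def _pkt(ptype, seq, session_id, body_len):
    # Constructed packet: valid header, zero-filled stand-in for the body.
    return HEADER.pack(0xC0, ptype, seq, 0, session_id, body_len) + bytes(body_len)

# Constructed captures (not taken from the article's pcap).
# Before the fix: authentication START / REPLY only.
BEFORE = [_pkt(1, 1, 0x1111, 30) + _pkt(1, 2, 0x1111, 6)]
# After the fix: same login, then a separate authorization REQUEST / RESPONSE.
AFTER = BEFORE + [_pkt(2, 1, 0x2222, 40) + _pkt(2, 2, 0x2222, 24)]

if __name__ == "__main__":
    for name, capture in (("before", BEFORE), ("after", AFTER)):
        counts, login_only = audit(capture)
        print(name, dict(counts), "authorization missing:", login_only)
```

A capture that reports authentication packets with no authorization packets matches the state described before "Session Authorization" was enabled.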



Solution

The "Session Authorization" option needs to be enabled on the TACACS server configured in the Aruba controller.

Version history
Revision #: 3 of 3
Last update: 01-03-2018 04:01 AM