10-27-2011 07:15 AM
I followed the guide here until selecting the authentication method where i chose "Microsoft: Smart Cart or other certificate".
I have attached screenshots of the current configuration..
Question though.. The "Host" ip on the Aruba what should go here? I am assuming the NAS IP = the Radius server. The Key is the same as I setup on the Radius server.
Sorry for the multiple posts but I cant add more than four photos per post..
10-27-2011 07:35 AM
Make sure you pass back the class attribute from the RADIUS server, to match your role on the Aruba controller. Example: Class: employee
10-27-2011 10:37 AM
Not sure about EAP-TLS, but with EAP-PEAP with MSCHAPv2, you have to pass back the role you want the user to get on the Aruba controller.
On the RADIUS server, under Policies, Network Policies, Create a policy that tests for some group on the AD, for example All Employees, then on the settings tab, add a Standard Attribute, Name: Class, Value: employee. This will pass back that value to set the role of the user after authentication.
11-01-2011 08:38 AM
You can use the Aruba Vendor Specific Attribute (VSA) Aruba-User-Role in your return Access-Accept to automatically derive a role on the Aruba controller for each class of user.