ArubaOS and Controllers

Reply
Frequent Contributor II
Posts: 128
Registered: ‎03-13-2008

How do I configure an Aruba controller to use AD groups through IAS/Radius?

We have an ssid that is using 802.1x auth terminated on the Aruba controller and credentials are located on AD via IAS.
User login authenticate to the IAS server gets dropped in to the “802.1X Authentication Default Role” role. This part works fine.

I’m not trying to set up separate roles for user groups. We have users in AD groups and would like to have the same roles in the controller to match the AD groups. (.... IT AD group should be mapped to IT role in the controller)

I’ve set up server rules, which I can’t figure out what the “Condition” field should be set as. I’ve tried 3 different ways see screen capture. None of these seem to work I still get put in to the .1x auth default group.

I might need more setup on the radius server, not sure. If so does anyone have a document on this?

Thank you for the help.
David Dipert
Guru Elite
Posts: 20,347
Registered: ‎03-29-2007

Radius Attributes

Ddipert,

There are things you need to put in place:

You need a separate Remote access policy on IAS for each group of users for which you want to derive a role, a radius attribute that is returned when that group is matched and a rule looking for that attribute on the Aruba Side:

1. That remote access policy needs a "Windows Groups Matches" policy condition that matches the AD group you want to key on. (figure 1)
2. That same remote access policy need to return a radius attribute back to the Aruba controller under the Edit Profile> Advanced Tab (Figure 2)
3. The Server group on the Aruba side needs to have a rule that looks for that attribute to have the contents you had in step 2 and change the role when it sees that. (Figure 3)

You would repeat 1,2 and 3 for each AD group that you want to do this with. There is a shortcut when you get this to work that in the ArubaOS 3.4 user guide under "Configuring Radius Attributes".

I hope this helps.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 128
Registered: ‎03-13-2008

Re: How do I configure an Aruba controller to use AD groups through IAS/Radius?

Colin thanks for the help works great.
David Dipert
Search Airheads
Showing results for 
Search instead for 
Did you mean: