SBR needs custom vendor attributes defined in a dictionary file (example_dictionary.dct) and assigned to a Radius Profile as a return list attribute in a user profile so it is returned to the NAS on query.
The rough steps to do this involve creating a profile that contains the desired return list attribute (Aruba-Admin-Role) and then linking that profile with the Radius manager so it's applied.
A key difference between SBR and FreeRadius is that an attribute FLAG must be included which defines if an attribute is a check-list (pre auth) or return list (post-auth) attribute. All of the aruba attributes should be return list.
Dictionary as used by SBR;
VENDOR Aruba 14823
ATTRIBUTE Aruba-User-Role 1 string r
ATTRIBUTE Aruba-User-Vlan 2 integer r
ATTRIBUTE Aruba-Priv-Admin-User 3 integer r
ATTRIBUTE Aruba-Admin-Role 4 string r
ATTRIBUTE Aruba-Essid-Name 5 string r
ATTRIBUTE Aruba-Location-Id 6 string r
ATTRIBUTE Aruba-Port-Identifier 7 string r
ATTRIBUTE Aruba-Template-User 8 string r
PLEASE NOTE: You may modify the default radius.dct and adjust the index numbers (1,2,3..etc) following the attributes to not overlap with existing default radius.dct attributes (it's generally pretty safe to start with 101 or something high up, the max range is 0..255)