Network Management

Reply
New Contributor

Airwave and freeRADIUS - Airwave not logging despite valid role response from RADIUS

Hello all,

 

I have followed this guide and have debugged freeRADIUS. freeRADIUS authenticates the request from Airwave and sends an access-accept but Airwave does not like it and log me in.

 

Questions, with details below...

 

What should the role be in the freeRADIUS config, "AMP Administrator" or "AMP Administration"? At present neither works.

 

I can ssh in to airwave and looking at the auth logs for CentOS with

utmpdump /var/log/wtmp*

this only has entries for root and tries against freeRADIUS for root. Is there a log that I can look at in AirWave to see why the it isn't accepting the valid response from freeRADIUS?

 

Article followed

 

https://community.arubanetworks.com/t5/Monitoring-Management-Location/Configuring-FreeRADIUS-to-authenticate-AWMS-Users/ta-p/168920

 

 

From freeRADIUS debug:

 

+} # group post-auth = ok

Sending Access-Accept of id 106 to AIRWAVEIP port 38488
Aruba-Admin-Role = "AMP Administration"

 

OR

 

As per Airwave's role type field

+} # group post-auth = ok

Sending Access-Accept of id 110 to AIRWAVEIP port 38488
Aruba-Admin-Role = "AMP Administrator"

 

The section of the users file

 

DEFAULT LDAP-Group == "someGroup", Client-IP-Address =~ "^AIREWAVEIP", Auth-Type := Kerberos
Aruba-Admin-Role = "AMP Administrator",
Fall-Through = No

 

DEFAULT Client-IP-Address =~ "^AIRWAVEIP", Auth-Type := REJECT
Fall-Through = No

 

Why I am wondering if the role type is different from the documentation.

airwave role.PNG

 

Thank you in advance

 

Komorebi

New Contributor

Re: Airwave and freeRADIUS - Airwave not logging despite valid role response from RADIUS

Solution:

 

The role "AMP Administration" needs to be created in Airwave.

 

AMP Setup > Roles

 

Add role.

 

Set the type to be "AMP Administrator"

 

Give it a name and click Add, to create a role with the default settings.

 

This is the extra step that is needed for the guide here:

 

https://community.arubanetworks.com/t5/Monitoring-Management-Location/Configuring-FreeRADIUS-to-authenticate-AWMS-Users/ta-p/168920

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: