Hello,
I have a problem authenticating ArubaOS (Management Auth) and Airwave against the same RADIUS server (FreeRADIUS).
ArubaOS:
Here I have the following builtin roles:
- no-access
- root
- read-only
- network-operations
- location-api-mgmt
- guest provisioning
1. Where can I find the documentation on which rights each role has?
2. Can I define custom roles for mgmt auth?
Airwave:
In Airwave I can set up custom roles.
Now to RADIUS:
ArubaOS and Airwave parse the RADIUS Reply-Item Aruba-Admin-Role.
For all our Network Admins we have set this to "root".
To achieve Airwave RADIUS authentication for the same admins we have set up a role in Airwave which is also called "root".
This works well if you don't distinguish Airwave rights.
But now we want to have some Network Admins (ArubaOS role: root) be Airwave Administrators, e.g. also "root", and some Network Admins (ArubaOS role: root) be only AP/Device Managers (e.g. role "airwave-manager" in Airwave).
- How could this be achieved?
- Can I configure somewhere in Airwave which RADIUS Reply-Item is parsed? E.g. a separate RADIUS VSA would be helpful, like Aruba-Airwave-Role.
I know I can configure Server Rules in ArubaOS, and I tried to get this working:
<< aaa server-group "servergroup_mgmtauth"
<< auth-server asaradius
<< set role condition Aruba-Admin-Role equals "airwave-admin" set-value root
<< set role condition Aruba-Admin-Role equals "airwave-manager" set-value root
But this is not working.
Please help me. How do other people achieve this?
Regards,
Tobias Hachmer