Security, WIDS/WIPS and Aruba ECS

Reply
Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

RADIUS Filter by Description field

Hello - I have a pretty unique situation. We are a subdomain of a forest in an educational environment. Our wireless networks are currently setup to authenticate against our subdomain x.y.edu.

We want to add another network that authenticates against the forest (y.edu) so that people from the other institutions in our system can login with their forest credentials.

So there are two accounts for each user, the local subdomain account (user@x.y.edu) and a forest account (user@y.edu).

My issue is that local users will be able to login to this new network with their forest account. I want to filter so they cannot. We have the location of the user in the "Office" attribute in AD and I want to deny access to users that have "XXX" in that field. Is this possible in RADIUS? (we are using server 2008 r2 radius)

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 21,010
Registered: ‎03-29-2007

Re: RADIUS Filter by Description field

You would do that through a remote access policy in NPS that denies based on a rule:



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: RADIUS Filter by Description field

The issue i'm having is that all of the users are in "Domain Users" and not separated into groups by college. I am trying to reference the "Office" attribute, as seen in the attached picture, and say if office = "LSC", deny access.

Thanks

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: