03-31-2015 08:18 AM
I am looking to see if I can get my RADIUS server (NPS) to pass Active Directory attributes back to my Aruba controller.
The goal is to set a user's role based on an Active Directory attribute, rather than a Group.
This works fine with captive portal, but does not seem to work with RADIUS.
Is this possible?
03-31-2015 08:54 AM
That is because LDAP has access to those attributes and sends all of them back in a response. In RADIUS, you have to manually map those attributes to a RADIUS attribute and return the RADIUS attribute to be handled by the Aruba controller. A RADIUS server that specializes in authorization like ClearPass makes it easy to do this mapping. NPS makes you write a rule or remote access policy for every attribute that you want to map and send back.
Aruba Customer Engineering
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
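The mapping described in the reply above, sketched as an added example (not part of the original thread and not NPS or ClearPass code): a directory attribute is matched against a rule table and the result is encoded as an RFC 2865 Vendor-Specific attribute for the controller. The `department` attribute, the rule table and the role names are constructed for illustration; the Aruba vendor ID and the Aruba-User-Role sub-type are taken from Aruba's public RADIUS dictionary, not from this thread.

```python
import struct

VENDOR_SPECIFIC = 26      # RFC 2865 attribute type for vendor-specific attributes
ARUBA_VENDOR_ID = 14823   # Aruba enterprise number (assumption: from Aruba's RADIUS dictionary)
ARUBA_USER_ROLE = 1       # Aruba-User-Role vendor sub-type (same source)

# Constructed policy: (AD attribute, required value, controller role).
ROLE_RULES = [
    ("department", "Engineering", "eng-role"),
    ("department", "Finance", "finance-role"),
]
DEFAULT_ROLE = "guest"    # unmatched users fall through to the least-privileged role


def role_for(ad_attrs):
    """Return the role for a user's AD attributes (dict of name -> list of values)."""
    for name, wanted, role in ROLE_RULES:
        if any(v.lower() == wanted.lower() for v in ad_attrs.get(name, [])):
            return role
    return DEFAULT_ROLE


def encode_role_vsa(role):
    """Encode the role as: type 26, length, vendor id, then sub-type, sub-length, value."""
    data = role.encode("utf-8")
    if not 1 <= len(data) <= 247:   # 255-byte attribute limit minus 8 header bytes
        raise ValueError("role name does not fit in one RADIUS attribute")
    sub = struct.pack("!BB", ARUBA_USER_ROLE, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, ARUBA_VENDOR_ID) + sub


def decode_role_vsa(blob):
    """Parse the attribute back, as the receiving side would; None if it is not a role VSA."""
    if len(blob) < 9:
        return None
    atype, alen, vendor = struct.unpack("!BBI", blob[:6])
    vtype, vlen = struct.unpack("!BB", blob[6:8])
    if (atype, alen, vendor) != (VENDOR_SPECIFIC, len(blob), ARUBA_VENDOR_ID):
        return None
    if vtype != ARUBA_USER_ROLE or vlen != len(blob) - 6:
        return None
    return blob[8:].decode("utf-8")


if __name__ == "__main__":
    user = {"department": ["Finance"], "title": ["Analyst"]}   # constructed sample
    vsa = encode_role_vsa(role_for(user))
    print(vsa.hex(), "->", decode_role_vsa(vsa))
```
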
03-31-2015 10:49 AM
Thanks for the reply.
So, either I replace my RADIUS with something else, or figure out how to do this from NPS?
I don't suppose anyone has a document that would explain how to do this mapping?