Frequent Contributor I

AD/RADIUS Attributes

I am looking to see if I can get my RADIUS server (NPS) to pass Active Directory attributes back to my Aruba controller.


The goal is to set a user's role based on an Active Directory attribute, rather than a Group.


This works fine with captive portal, but does not seem to work with RADIUS.


Is this possible?

Guru Elite

Re: AD/RADIUS Attributes

That is because LDAP has access to those attributes and sends all of them back in a response.  In radius, you have to manually map those attributes to a radius attribute and return the radius attribute to be handled by the Aruba controller.  A Radius server that specializes in authorization like ClearPass makes it easy to do this mapping.  NPS makes you write a rule or remote access policy for every attribute that you want to map and send back.

Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
Frequent Contributor I

Re: AD/RADIUS Attributes

Thanks for the reply.


So, either I replace my RADIUS with something else, or figure out how to do this from NPS?


I don't suppose anyone has a document that would explain how to do this mapping?



Search Airheads
Showing results for 
Search instead for 
Did you mean: