Security

Reply
Contributor II
Posts: 48
Registered: ‎07-22-2009

AD/RADIUS Attributes

I am looking to see if I can get my RADIUS server (NPS) to pass Active Directory attributes back to my Aruba controller.

 

The goal is to set a user's role based on an Active Directory attribute, rather than a Group.

 

This works fine with captive portal, but does not seem to work with RADIUS.

 

Is this possible?

Guru Elite
Posts: 20,995
Registered: ‎03-29-2007

Re: AD/RADIUS Attributes

That is because LDAP has access to those attributes and sends all of them back in a response.  In radius, you have to manually map those attributes to a radius attribute and return the radius attribute to be handled by the Aruba controller.  A Radius server that specializes in authorization like ClearPass makes it easy to do this mapping.  NPS makes you write a rule or remote access policy for every attribute that you want to map and send back.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 48
Registered: ‎07-22-2009

Re: AD/RADIUS Attributes

Thanks for the reply.

 

So, either I replace my RADIUS with something else, or figure out how to do this from NPS?

 

I don't suppose anyone has a document that would explain how to do this mapping?

 

Thanks.

Search Airheads
Showing results for 
Search instead for 
Did you mean: