The true problem is that NPS cannot inspect additional radius attributes that Aruba sends that indicates what SSID a Radius Authentication comes from. The Aruba controller sends the following additional parameters:
Aruba-Essid-Name
Aruba-Location-Id
Aruba-AP-Group
Aruba-User-Vlan
To get around this when using NPS, you can:
- Create 2 Radius Server Groups
- Duplicate your first Radius Server (exact ip address, key etc)
- For each individual Radius server, edit the NAS-ID field to any text you want to differentiate one from the other
- Use the NAS-ID as an additional rule on the NPS server...
Does this make sense?