Contributor II
Posts: 50
Registered: ‎04-13-2009

Using 2008 server with RADIUS to determine access based on OU

Hello. I have a need to create a RADIUS policy where the server will check if the user is allowed to connect to a specific WLAN based on their OU assignment in AD. Specifically, we need to restrict students and non-technical staff from being able to authenticate to the administrative WLAN. I was wondering if there is a whitepaper that is available.

Guru Elite
Posts: 20,568
Registered: ‎03-29-2007

Re: Using 2008 server with RADIUS to determine access based on OU

This involves two things (one mandatory and one optional):

Mandatory

1. A RADIUS server-side rule to check things like SSID, AD Group, EAP Type and to return authentication status of "passed" to the Aruba controller. It can also send an attribute along with that positive authentication back to the Aruba controller.

Optional

2. A server derivation rule in the Aruba controller to process the attribute to put a user in a role.

How you write #1 depends 100% on your RADIUS server.

Please see this article for how to do it on a Microsoft RADIUS Server: http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-do-I-configure-an-Aruba-controller-to-use-AD-groups-through/m-p/2501/highlight/true#M552

Here is an article to see what RADIUS attributes are sent to your Aruba Controller from your RADIUS server: https://kb.arubanetworks.com/app/answers/detail/a_id/826

Colin Joseph
Aruba Customer Engineering
