Security

Reply
Frequent Contributor II
Posts: 479
Registered: ‎03-15-2014

what is the deference between enabling AD attribute as role or as attribute?

I can see that I can Enbale in AD attribute for example Departmnet as a role or as attrbute or both so what is the deiffrence and what scnarios can be driven from this both checks?

Guru Elite
Posts: 8,632
Registered: ‎09-08-2010

Re: what is the deference between enabling AD attribute as role or as attribute?

Role is mapped directly to a role without a role map. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 479
Registered: ‎03-15-2014

Re: what is the deference between enabling AD attribute as role or as attribute?

So if I enable IT DEPT as a role this doesnt need role mapping?

Aruba Employee
Posts: 10
Registered: ‎05-27-2013

Re: what is the deference between enabling AD attribute as role or as attribute?

Yes, for example if Department = NetOps, the user are automatically tagged with the Role name NetOps in Clearpass. 

 

PS: Roles in clearpass are independent of User-Roles on the Aruba Controllers.

Frequent Contributor II
Posts: 479
Registered: ‎03-15-2014

Re: what is the deference between enabling AD attribute as role or as attribute?

Thanks for clearing up so you say thet roles section in clearpasss is Only for aruba Controller firewall roles only??

Guru Elite
Posts: 8,632
Registered: ‎09-08-2010

Re: what is the deference between enabling AD attribute as role or as attribute?

Yes just for the ClearPass side. 

ClearPass role != controller role 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 777
Registered: ‎03-25-2009

Re: what is the deference between enabling AD attribute as role or as attribute?

Think of it this way:

Clearpass role: just a label

Aruba user-role: firewall policy

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Frequent Contributor II
Posts: 479
Registered: ‎03-15-2014

Re: what is the deference between enabling AD attribute as role or as attribute?

You guys are awsome I really learn alot from you and thank you so much for clearing things up and Hope to be like you

Search Airheads
Showing results for 
Search instead for 
Did you mean: