Hi all,
We have (1) Aruba 7210 - Master, (1) Aruba 3400 - Local1, and (1) Aruba 3400 - Local2
We want to authenticate users via 802.1x to Windows NPS. Everything is working on Local2, but not on the Master or Local1 for some users.
We want our users to log into their machines, and those credentials then get sent to Windows NPS for authentication.
What we are seeing is the following:
172.20.54.146 60:67:20:98:f2:de SCHOOL\john dot1x-user-default-role 00:03:02 8021x-User MAIN-ITS.2-AP Wireless S-802dot1x/00:24:6c:2e:55:d9/a-HT gs-dot1x-aaa tunnel
172.20.54.149 00:23:14:b4:e5:e4 SCHOOL\george gs_admin_staff 00:00:41 802.1x MAIN-ITS.1-AP Wireless S-802dot1x/00:24:6c:2f:41:c1/g-HT gs-dot1x-aaa tunnel
172.20.54.160 00:24:d7:d4:4a:48 GEORGESCHOOL\adam dot1x-user-default-role 00:03:17 8021x-User MAIN-ITS.1-AP Wireless S-802dot1x/00:24:6c:2f:41:c9/a-HT gs-dot1x-aaa tunnel
The users are being given the default role of "dot1x-user-default-role" when AUTH TYPE is "802.1x-User" but they are given the correct role when AUTH TYPE is "802.1x".
What is the difference? Is there a reason one machine is doing it differently than others?
Also, here are the RADIUS debug logs:
Jun 27 11:50:37 :522044: <INFO> |authmgr| MAC=00:24:d7:d4:4a:48 Station authenticate(start): method=8021x-User, role=dot1x-user-default-role//s_admin_staff/logon, VLAN=54/54, Derivation=1/1, Value Pair=1, flags=0x2
Jun 27 11:50:37 :522016: <INFO> |authmgr| MAC=00:24:d7:d4:4a:48 IP=?? Derived role 'S_ADMIN_STAFF' from Aruba VSA
Jun 27 11:50:37 :522017: <INFO> |authmgr| MAC=00:24:d7:d4:4a:48 IP=?? Derived role 's_admin_staff' from server rules: server-group=s-auth-dot1x, authentication=8021x-User
Jun 27 11:50:37 :522127: <DBUG> |authmgr| {L2} Update role from dot1x-user-default-role to dot1x-user-default-role for IP=0.0.0.0.
Jun 27 11:50:37 :522049: <INFO> |authmgr| MAC=00:24:d7:d4:4a:48,IP=N/A User role updated, existing Role=dot1x-user-default-role/dot1x-user-default-role, new Role=dot1x-user-default-role/dot1x-user-default-role, reason=Station Authenticated with auth type: 11
Not sure why the two of their roles are not changing, while the other one is. I believe it's the auth type, but not sure.
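Added example, not part of the original post and not Aruba tooling: a small Python check over authmgr debug lines like the ones quoted above that reports every station where a role was derived (from the Aruba VSA or from server rules) but a different role was finally applied. The function name, the regular expressions and the case-insensitive role comparison are assumptions of this sketch, built only from the line formats visible in the post.

```python
import re

# Log lines copied from the post above (station 00:24:d7:d4:4a:48).
SAMPLE_LOG = """\
Jun 27 11:50:37 :522044: <INFO> |authmgr| MAC=00:24:d7:d4:4a:48 Station authenticate(start): method=8021x-User, role=dot1x-user-default-role//s_admin_staff/logon, VLAN=54/54, Derivation=1/1, Value Pair=1, flags=0x2
Jun 27 11:50:37 :522016: <INFO> |authmgr| MAC=00:24:d7:d4:4a:48 IP=?? Derived role 'S_ADMIN_STAFF' from Aruba VSA
Jun 27 11:50:37 :522017: <INFO> |authmgr| MAC=00:24:d7:d4:4a:48 IP=?? Derived role 's_admin_staff' from server rules: server-group=s-auth-dot1x, authentication=8021x-User
Jun 27 11:50:37 :522127: <DBUG> |authmgr| {L2} Update role from dot1x-user-default-role to dot1x-user-default-role for IP=0.0.0.0.
Jun 27 11:50:37 :522049: <INFO> |authmgr| MAC=00:24:d7:d4:4a:48,IP=N/A User role updated, existing Role=dot1x-user-default-role/dot1x-user-default-role, new Role=dot1x-user-default-role/dot1x-user-default-role, reason=Station Authenticated with auth type: 11
"""

# Patterns are assumptions inferred from the line formats shown in the post.
MAC = r"MAC=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
DERIVED = re.compile(MAC + r".*?Derived role '(?P<role>[^']+)' from (?P<source>.+)$", re.I)
UPDATED = re.compile(
    MAC + r".*?User role updated, existing Role=(?P<old>[^/,]+)/[^,]*, "
    r"new Role=(?P<new>[^/,]+)/[^,]*, reason=(?P<reason>.+)$", re.I)


def find_role_mismatches(log_text):
    """Return one finding per 'User role updated' line whose applied role
    differs from a role derived earlier for the same MAC."""
    derived = {}   # mac -> [(role, source), ...] in log order
    findings = []
    for line in log_text.splitlines():
        m = DERIVED.search(line)
        if m:
            derived.setdefault(m["mac"].lower(), []).append(
                (m["role"], m["source"].strip()))
            continue
        m = UPDATED.search(line)
        if not m:
            continue
        mac, applied = m["mac"].lower(), m["new"]
        # Assumption: role names are compared case-insensitively; the original
        # spelling is kept in the finding so case differences stay visible.
        ignored = [(r, s) for r, s in derived.get(mac, [])
                   if r.lower() != applied.lower()]
        if ignored:
            findings.append({"mac": mac, "applied": applied,
                             "derived": ignored, "reason": m["reason"].strip()})
    return findings


if __name__ == "__main__":
    for f in find_role_mismatches(SAMPLE_LOG):
        print(f["mac"], "applied:", f["applied"], "derived:", f["derived"], "|", f["reason"])
```

Run against a debug capture from each controller, the output lists the derivation source next to the role that was actually applied, which makes it easy to compare the working Local2 sessions with the failing ones.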