Wireless Access

Reply
Contributor II

Client get wrong User role after Authentication

Hi all,

I have a problem with an Open SSID. After authenticated, my client always get "authenticated user role" even though AAA  profile is correct.

Any one can help me fix this issue?

 

Many Thanks for help.

 

Guru Elite

Re: Client get wrong User role after Authentication

You should type "show user ip <ip address of user>" to see how it got its role.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Contributor II

Re: Client get wrong User role after Authentication


@cjosephwrote:

You should type "show user ip <ip address of user>" to see how it got its role.


Hi Colin,

The output show role is authenticated, but i don't know how my client receive that role.  I've already used "show reference" for that role and i see that none of my AAA profile in used.

Anyway, i'm very appreciate for your help.

 

 

Guru Elite

Re: Client get wrong User role after Authentication

Mac authentication from a Radius VSA:

Authentication: Yes, status: started, method: MAC, protocol: PAP, server: NSRP-Clearpass
Role Derivation: ROLE_DERIVATION_MBA_VSA
VLAN Derivation: MBA MSFT Attributes
mac auth server: NSRP-Clearpass, dot1x auth server: N/A
******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Contributor II

Re: Client get wrong User role after Authentication

Hi Colin,

So, client get wrong role possible cause by policy on AAA server ?

I am treating leg injuries so i can't check it now :). I will check it as soon as possible then report to you the result.
Many thanks for help. 

 

Highlighted
Guru Elite

Re: Client get wrong User role after Authentication

The client got its role as the result of mac authentication.

If you are sending an Aruba-User-Role attribute back in your mac authentication response from your radius server, that is what is changing the role.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Contributor II

Re: Client get wrong User role after Authentication

Hi Colin,

You're right, my client get its role as the result of an attribute on clearpass. I've already removed it.

 

Thank for your support.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: