Wireless Access

Occasional Contributor II
Posts: 19
Registered: ‎02-08-2012

Management Authentication Server and Server Rules

Hi all,

 

I am working on the login for the system engineer on a controller.

The controller must get its information from an ACS 4.2 RADIUS server, and ACS from the Windows AD; this works fine.

But I am stuck on the server rules:

 

I want, for example, the group RO to get the role read-only, so I made a server rule with attribute Aruba-Admin-Role, where the operation is equals, the operand is the group RO, the type is string, the action is set role, the value is read-only, and validated is YES. This does not work.

 

I also tried with the operation contains, with the same result.

 

If I change the RADIUS server so that it doesn't send RO as the VSA but read-only, and I change the server rule to attribute Aruba-Admin-Role, where the operation is equals the value-of and the action is set role, this works fine.

 

But how can I map RO to read-only with the server rule?

Regards,

 

Peter Otten

Guru Elite
Posts: 21,289
Registered: ‎03-29-2007

Re: Management Authentication Server and Server Rules

The "Aruba-Admin-Role" on the RADIUS server must match one of the controller admin roles exactly for this to work. If you return the "Aruba-Admin-Role" VSA with text that exactly matches a role, you do not have to write a server derivation rule. It will work automatically.



Colin Joseph
Aruba Customer Engineering
