06-12-2012 02:51 AM
I am working on the login for the system engineer on a controller.
The controller must get its information from an ACS 4,2 RADIUS server, and ACS from the Windows AD; this works fine.
But I am stuck on the server rules:
I want, for example, the group RO to get the role read-only,
so I made a server rule
with attribute Aruba-Admin-Role, operation is equals, the operand is the group RO, type is string, the action is set role, the value is read-only, and validated is YES. This does not work.
I also tried with the operation contains, with the same result.
If I change the RADIUS server so that it doesn't send RO as the VSA but read-only, and I change the server rule to attribute Aruba-Admin-Role, operation is equals, the value-of, the action is set role,
this works fine.
But how can I map RO to read-only with the server rule?
06-12-2012 05:04 AM
The "Aruba-Admin-Role" on the Radius server must match one of the controller admin roles exactly for this to work. If you return "Aruba-Admin-Role" VSA with text that exactly matches a role, you do not have to write a server derivation rule. It will work automatically.
Aruba Customer Engineering