04-17-2013 02:27 PM
Hi, Im trying to know why a role is been derivated to my users even if I dont have any server grup role derivation rule or user rules.
In the nps we are sending the Vendor-specific value for two different users group.
1.- Vendor-Specific: Internal
2.- Vendor-Specific: VIP
On the cntroler we don´t have any rule to derivate this but for some reason our users are getting respectively Internal or VIP.
And They are not getting the 802.1X Authentication Default Role on the aaa profile they still getting Internal or VIP this roles are not used in an aaa profile.
Windows Server 2008
Thanks in advance.
04-17-2013 02:33 PM
If you send back Aruba-User-Role, you don't need a server derivation rule. The controller will automatically use the value of the VSA as the role (assuming the value exists as a role). Are you using the Aruba-User-Role VSA?