Hi
Can anyone help out with a strange issue?
We have an Aruba 7210 controller and I want to set up management and guest provisioning access based on AD groups. We want a different set of users to manage the guest user accounts. I have set up the Ldap servers on the controller and created 2 server rules as follows
set role condition memberof contains "Network_Admins" set-value root
set role condition memberof contains "Guest_Provisioners" set-value guest-provisioning
The problem is that when a user in either of the AD groups "Guest_Provisioners" or "Network_Admins" logins in they are placed in the root role and have full access to the controller.
Also, if I remove the rules completely, the "Guest_Provisioner" user can still login but the "Network_Admins" user cannot, which seems very strange to me.
Has anyone come across this before or do I need to set up something else?
Many thanks
Roy
#7210