03-30-2016 10:32 AM
I'm working with mac auth in a test environment using the controller's internal database.
Even though I've set a "MAC Authentication Default Role" in the aaa profile, the role that gets assigned to the user is coming from the user entry in the internal database.
Is there a way to have the aaa proflie's MAC auth default role be assigned?
There does not seem to be a way to delete the internal database role in the GUI.
Solved! Go to Solution.
03-30-2016 10:41 AM
If you are using the server-group "default" or "internal" it would have a derivation rule as below.
aaa server-group "default"
set role condition role value-of
Try deleting the rule or create a different server-group that doesn't have the derivation rule.