Wireless Access

Contributor I

user authentication via OU

hi to all.

i'm currently testing user access,however users under different OU cant authenticate. i already configured Radius server and Server group . is there any server rule or any attribute i have to add? below are the details

aruba 7205 controller
win2012 AD

any suggestions will be greatly appreciated
Guru Elite

Re: user authentication via OU

How is your NPS server configured?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: user authentication via OU

Hi Tim,


 thank you for your response. we are doing some trial and error under Server Group. I once added may RADIUS server without any match-rule. I also tried to use FILTER-ID as attrubute,EQUALS, and name of my OU as operand,STRING,SETVLAN,500 but still no luck.


the objective is RADIUS authentication with multiple OUs within a single VLAN.


am I missing something on NPS?


please see attached images


thank you


Re: user authentication via OU

Within your settings for that policy you'll need to add the attribute to be returned.



After that, you'll need an additional Network Policy to catch any user not in those particular groups, provided you still want to give them access, beit in a different vlan.

If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Contributor I

Re: user authentication via OU

Hi Michael,


   I'm thinking that I need to add the OU to conditions, however it seems OU is not an available policy condition aside from User Groups. any alternative for this?



thank you

Guru Elite

Re: user authentication via OU

According to Microsoft, no:  https://social.technet.microsoft.com/Forums/en-US/acc242bf-9edf-41bf-9a7c-73abc3a98fc9/nps-network-policy-based-on-ou-structure?forum=winserverNAP



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: