Good morning,
We are moving from Windows NPS to Clearpass, amongst other things for logging on to our infrastructure devices. We have a mix of Aruba, ArubaOS-CX and Comware switches that are using NPS for admin logins with AD credentials without problems.
I've created the same RADIUS service in Clearpass and changed the radius-server host to Clearpass. Login works for all 3 switch types, but for the ArubaOS-CX switches I am unable to execute any command with the message "Cannot execute command. Command not allowed."
Some screenshots of the working NPS return attributes:
How this translates to Clearpass:
This works for ArubaOS and Comware, but for ArubaOS-CX I can't get any commands executed.
The AOS-CX device in Clearpass is configured with vendor name "Aruba"
What I've tried:
- move to TACACS instead of RADIUS - same thing, logon works but no commands
- configure extra VSAs on the Clearpass enforcement profile to return to the switch: aruba-command-string (with some test commands), aruba-priv-admin-user (value 7 and other) - same thing, aruba-user-group (administrators) - same thing
AOS-CX version is:
Any idea what I am missing?
Kind regards,
Kris