Wireless Access

Ive got a Mobility Conductor running v8.6 as well as all my Mobility Controllers.  I control access to the Mobility Conductor using radius.  I can get full admin access just fine with the default role set to root under managed network -> system -> admin -> admin auth options.  What I cant figure out however is how to grant read only access to the Mobility Conductor using radius.   Anyone know how to do this?  I do not want to use locally authenticated accounts.

------------------------------
andre heyliger
------------------------------

If you are using a Windows server, please take a look at this old document:  https://higherlogicdownload.s3-external-1.amazonaws.com/HPE/602ed1cb-5984-4169-afcd-6e99387da0bf_file.pdf?AWSAccessKeyId=AKIAVRDO7IEREB57R7MT&Expires=1632869031&Signature=%2BAA5zeOcLFFPTUQSa%2Bn60FAqgDk%3D

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Sep 27, 2021 02:57 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor

Ive got a Mobility Conductor running v8.6 as well as all my Mobility Controllers.  I control access to the Mobility Conductor using radius.  I can get full admin access just fine with the default role set to root under managed network -> system -> admin -> admin auth options.  What I cant figure out however is how to grant read only access to the Mobility Conductor using radius.   Anyone know how to do this?  I do not want to use locally authenticated accounts.

------------------------------
andre heyliger
------------------------------

Ok.  Read through the doc and it looks like Ive done that already.  I do use windows NPS (newer version of IAS) and can successfully login with root/admin access.  Anyone know if I can assign RO access to a radius user without making all users RO?  Ive attached a pic of the Mobility Conductor section where I can select root or RO.

------------------------------
andre heyliger
------------------------------

Original Message:
Sent: Sep 28, 2021 05:46 PM
From: Colin Joseph
Subject: Administrator roles in Mobiity Conductor

If you are using a Windows server, please take a look at this old document:  https://higherlogicdownload.s3-external-1.amazonaws.com/HPE/602ed1cb-5984-4169-afcd-6e99387da0bf_file.pdf?AWSAccessKeyId=AKIAVRDO7IEREB57R7MT&Expires=1632869031&Signature=%2BAA5zeOcLFFPTUQSa%2Bn60FAqgDk%3D

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Sep 27, 2021 02:57 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor

Ive got a Mobility Conductor running v8.6 as well as all my Mobility Controllers.  I control access to the Mobility Conductor using radius.  I can get full admin access just fine with the default role set to root under managed network -> system -> admin -> admin auth options.  What I cant figure out however is how to grant read only access to the Mobility Conductor using radius.   Anyone know how to do this?  I do not want to use locally authenticated accounts.

------------------------------
andre heyliger
------------------------------

You can.  A better article is here:  https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=10129

Basically any value that you return in the "attribute value" field (root in the article) will override the default role.  So you would enter read-only into the attribute value field so that users who authenticate will obtain the read-only role.

(7200) #show mgmt-role

Management User Roles
---------------------
ROLE DESCRIPTION
---- -----------
root Super user role
read-only Read only commands
location-api-mgmt location-api-mgmt
standard Standard role
nbapi-mgmt nbapi-mgmt
ap-provisioning ap-provisioning
network-operations network-operations
guest-provisioning guest-provisioning

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Sep 29, 2021 05:45 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor

Ok.  Read through the doc and it looks like Ive done that already.  I do use windows NPS (newer version of IAS) and can successfully login with root/admin access.  Anyone know if I can assign RO access to a radius user without making all users RO?  Ive attached a pic of the Mobility Conductor section where I can select root or RO.

------------------------------
andre heyliger

Original Message:
Sent: Sep 28, 2021 05:46 PM
From: Colin Joseph
Subject: Administrator roles in Mobiity Conductor

If you are using a Windows server, please take a look at this old document:  https://higherlogicdownload.s3-external-1.amazonaws.com/HPE/602ed1cb-5984-4169-afcd-6e99387da0bf_file.pdf?AWSAccessKeyId=AKIAVRDO7IEREB57R7MT&Expires=1632869031&Signature=%2BAA5zeOcLFFPTUQSa%2Bn60FAqgDk%3D

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Sep 27, 2021 02:57 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor

Ive got a Mobility Conductor running v8.6 as well as all my Mobility Controllers.  I control access to the Mobility Conductor using radius.  I can get full admin access just fine with the default role set to root under managed network -> system -> admin -> admin auth options.  What I cant figure out however is how to grant read only access to the Mobility Conductor using radius.   Anyone know how to do this?  I do not want to use locally authenticated accounts.

------------------------------
andre heyliger
------------------------------

Ok thanks.  Ill give that a try.

------------------------------
andre heyliger
------------------------------

Original Message:
Sent: Sep 29, 2021 07:57 PM
From: Colin Joseph
Subject: Administrator roles in Mobiity Conductor

You can.  A better article is here:  https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=10129

Basically any value that you return in the "attribute value" field (root in the article) will override the default role.  So you would enter read-only into the attribute value field so that users who authenticate will obtain the read-only role.

(7200) #show mgmt-role

Management User Roles
---------------------
ROLE DESCRIPTION
---- -----------
root Super user role
read-only Read only commands
location-api-mgmt location-api-mgmt
standard Standard role
nbapi-mgmt nbapi-mgmt
ap-provisioning ap-provisioning
network-operations network-operations
guest-provisioning guest-provisioning

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Sep 29, 2021 05:45 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor

Ok.  Read through the doc and it looks like Ive done that already.  I do use windows NPS (newer version of IAS) and can successfully login with root/admin access.  Anyone know if I can assign RO access to a radius user without making all users RO?  Ive attached a pic of the Mobility Conductor section where I can select root or RO.

------------------------------
andre heyliger

Original Message:
Sent: Sep 28, 2021 05:46 PM
From: Colin Joseph
Subject: Administrator roles in Mobiity Conductor

If you are using a Windows server, please take a look at this old document:  https://higherlogicdownload.s3-external-1.amazonaws.com/HPE/602ed1cb-5984-4169-afcd-6e99387da0bf_file.pdf?AWSAccessKeyId=AKIAVRDO7IEREB57R7MT&Expires=1632869031&Signature=%2BAA5zeOcLFFPTUQSa%2Bn60FAqgDk%3D

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Sep 27, 2021 02:57 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor

Ive got a Mobility Conductor running v8.6 as well as all my Mobility Controllers.  I control access to the Mobility Conductor using radius.  I can get full admin access just fine with the default role set to root under managed network -> system -> admin -> admin auth options.  What I cant figure out however is how to grant read only access to the Mobility Conductor using radius.   Anyone know how to do this?  I do not want to use locally authenticated accounts.

------------------------------
andre heyliger
------------------------------

Thanks.  The article worked.  I was able to create roles and control access using groups/radius.  I only had issues with authentication methods but after some trial and error I was able to solve.

------------------------------
andre heyliger
------------------------------

Original Message:
Sent: Sep 29, 2021 07:57 PM
From: Colin Joseph
Subject: Administrator roles in Mobiity Conductor

You can.  A better article is here:  https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=10129

Basically any value that you return in the "attribute value" field (root in the article) will override the default role.  So you would enter read-only into the attribute value field so that users who authenticate will obtain the read-only role.

(7200) #show mgmt-role

Management User Roles
---------------------
ROLE DESCRIPTION
---- -----------
root Super user role
read-only Read only commands
location-api-mgmt location-api-mgmt
standard Standard role
nbapi-mgmt nbapi-mgmt
ap-provisioning ap-provisioning
network-operations network-operations
guest-provisioning guest-provisioning

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Sep 29, 2021 05:45 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor

Ok.  Read through the doc and it looks like Ive done that already.  I do use windows NPS (newer version of IAS) and can successfully login with root/admin access.  Anyone know if I can assign RO access to a radius user without making all users RO?  Ive attached a pic of the Mobility Conductor section where I can select root or RO.

------------------------------
andre heyliger

Original Message:
Sent: Sep 28, 2021 05:46 PM
From: Colin Joseph
Subject: Administrator roles in Mobiity Conductor

If you are using a Windows server, please take a look at this old document:  https://higherlogicdownload.s3-external-1.amazonaws.com/HPE/602ed1cb-5984-4169-afcd-6e99387da0bf_file.pdf?AWSAccessKeyId=AKIAVRDO7IEREB57R7MT&Expires=1632869031&Signature=%2BAA5zeOcLFFPTUQSa%2Bn60FAqgDk%3D

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Sep 27, 2021 02:57 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor

Ive got a Mobility Conductor running v8.6 as well as all my Mobility Controllers.  I control access to the Mobility Conductor using radius.  I can get full admin access just fine with the default role set to root under managed network -> system -> admin -> admin auth options.  What I cant figure out however is how to grant read only access to the Mobility Conductor using radius.   Anyone know how to do this?  I do not want to use locally authenticated accounts.

------------------------------
andre heyliger
------------------------------

Colin,
Looks like the link to the old document has expired, but the document you mentioned sounds interesting. Would you send us an updated link?
Thanks,
Brad

------------------------------
Brad
------------------------------

Original Message:
Sent: Sep 28, 2021 05:46 PM
From: Colin Joseph
Subject: Administrator roles in Mobiity Conductor

If you are using a Windows server, please take a look at this old document:  https://higherlogicdownload.s3-external-1.amazonaws.com/HPE/602ed1cb-5984-4169-afcd-6e99387da0bf_file.pdf?AWSAccessKeyId=AKIAVRDO7IEREB57R7MT&Expires=1632869031&Signature=%2BAA5zeOcLFFPTUQSa%2Bn60FAqgDk%3D

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Sep 27, 2021 02:57 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor

Ive got a Mobility Conductor running v8.6 as well as all my Mobility Controllers.  I control access to the Mobility Conductor using radius.  I can get full admin access just fine with the default role set to root under managed network -> system -> admin -> admin auth options.  What I cant figure out however is how to grant read only access to the Mobility Conductor using radius.   Anyone know how to do this?  I do not want to use locally authenticated accounts.

------------------------------
andre heyliger
------------------------------

@Brad,

I used this search engine link, because it seems not all content has been copied over to the new website:

https://www.google.com/search?q=site%3Acommunity.arubanetworks.com+Management+authentication+windows&rlz=1CAKDZI_enUS921&sxsrf=AOaemvJs4J3ChA1FOOmW124Q1Ps_oIRANA%3A1633366173730&ei=nTBbYaXZK4-0qtsPxsma6Ag&ved=0ahUKEwjlm8qUm7HzAhUPmmoFHcakBo0Q4dUDCA4&uact=5&oq=site%3Acommunity.arubanetworks.com+Management+authentication+windows&gs_lcp=Cgdnd3Mtd2l6EAM6BwgAEEcQsANKBAhBGABQk1VY5Fpg711oAnACeACAAVSIAZoCkgEBNJgBAKABAcgBCMABAQ&sclient=gws-wiz​

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Oct 04, 2021 12:14 PM
From: Brad Floyd
Subject: Administrator roles in Mobiity Conductor

Colin,
Looks like the link to the old document has expired, but the document you mentioned sounds interesting. Would you send us an updated link?
Thanks,
Brad

------------------------------
Brad

Original Message:
Sent: Sep 28, 2021 05:46 PM
From: Colin Joseph
Subject: Administrator roles in Mobiity Conductor

If you are using a Windows server, please take a look at this old document:  https://higherlogicdownload.s3-external-1.amazonaws.com/HPE/602ed1cb-5984-4169-afcd-6e99387da0bf_file.pdf?AWSAccessKeyId=AKIAVRDO7IEREB57R7MT&Expires=1632869031&Signature=%2BAA5zeOcLFFPTUQSa%2Bn60FAqgDk%3D

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Sep 27, 2021 02:57 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor

Ive got a Mobility Conductor running v8.6 as well as all my Mobility Controllers.  I control access to the Mobility Conductor using radius.  I can get full admin access just fine with the default role set to root under managed network -> system -> admin -> admin auth options.  What I cant figure out however is how to grant read only access to the Mobility Conductor using radius.   Anyone know how to do this?  I do not want to use locally authenticated accounts.

------------------------------
andre heyliger
------------------------------