Wireless Access

last person joined: 6 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Administrator roles in Mobiity Conductor

This thread has been viewed 26 times
  • 1.  Administrator roles in Mobiity Conductor

    Posted 25 days ago
    Ive got a Mobility Conductor running v8.6 as well as all my Mobility Controllers.  I control access to the Mobility Conductor using radius.  I can get full admin access just fine with the default role set to root under managed network -> system -> admin -> admin auth options.  What I cant figure out however is how to grant read only access to the Mobility Conductor using radius.   Anyone know how to do this?  I do not want to use locally authenticated accounts.

    ------------------------------
    andre heyliger
    ------------------------------


  • 2.  RE: Administrator roles in Mobiity Conductor

    Posted 25 days ago
    If you are using a Windows server, please take a look at this old document:  https://higherlogicdownload.s3-external-1.amazonaws.com/HPE/602ed1cb-5984-4169-afcd-6e99387da0bf_file.pdf?AWSAccessKeyId=AKIAVRDO7IEREB57R7MT&Expires=1632869031&Signature=%2BAA5zeOcLFFPTUQSa%2Bn60FAqgDk%3D

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 3.  RE: Administrator roles in Mobiity Conductor

    Posted 24 days ago
      |   view attached
    Ok.  Read through the doc and it looks like Ive done that already.  I do use windows NPS (newer version of IAS) and can successfully login with root/admin access.  Anyone know if I can assign RO access to a radius user without making all users RO?  Ive attached a pic of the Mobility Conductor section where I can select root or RO.

    ------------------------------
    andre heyliger
    ------------------------------



  • 4.  RE: Administrator roles in Mobiity Conductor

    Posted 19 days ago
    Colin,
    Looks like the link to the old document has expired, but the document you mentioned sounds interesting. Would you send us an updated link?
    Thanks,
    Brad

    ------------------------------
    Brad
    ------------------------------



  • 5.  RE: Administrator roles in Mobiity Conductor

    Posted 24 days ago
    You can.  A better article is here:  https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=10129

    Basically any value that you return in the "attribute value" field (root in the article) will override the default role.  So you would enter read-only into the attribute value field so that users who authenticate will obtain the read-only role.

    (7200) #show mgmt-role

    Management User Roles
    ---------------------
    ROLE DESCRIPTION
    ---- -----------
    root Super user role
    read-only Read only commands
    location-api-mgmt location-api-mgmt
    standard Standard role
    nbapi-mgmt nbapi-mgmt
    ap-provisioning ap-provisioning
    network-operations network-operations
    guest-provisioning guest-provisioning

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 6.  RE: Administrator roles in Mobiity Conductor

    Posted 23 days ago
    Ok thanks.  Ill give that a try.

    ------------------------------
    andre heyliger
    ------------------------------



  • 7.  RE: Administrator roles in Mobiity Conductor

    Posted 19 days ago
    @Brad,

    I used this search engine link, because it seems not all content has been copied over to the new website:

    https://www.google.com/search?q=site%3Acommunity.arubanetworks.com+Management+authentication+windows&rlz=1CAKDZI_enUS921&sxsrf=AOaemvJs4J3ChA1FOOmW124Q1Ps_oIRANA%3A1633366173730&ei=nTBbYaXZK4-0qtsPxsma6Ag&ved=0ahUKEwjlm8qUm7HzAhUPmmoFHcakBo0Q4dUDCA4&uact=5&oq=site%3Acommunity.arubanetworks.com+Management+authentication+windows&gs_lcp=Cgdnd3Mtd2l6EAM6BwgAEEcQsANKBAhBGABQk1VY5Fpg711oAnACeACAAVSIAZoCkgEBNJgBAKABAcgBCMABAQ&sclient=gws-wiz​

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------