Same problem with the new document.
A test shows the radius server actualy sending back the aruba-user-role and the reply-message VSA's I configured but amigopod seems to ignore them.
Sending Access-Request of id 183 to 127.0.0.1 port 1812
User-Name = "mylogon"
User-Password = "●●●●●●●●"
NAS-Identifier = "amigopod.mydomain.local"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=183, length=128
Aruba-User-Role = "guest-cp"
Framed-Protocol = PPP
Reply-Message = "guest-cp"
Service-Type = Framed-User
Class = 0xa2d309ba0000013700010200ac1000c400000000314aa86d004b0d4a01ccd58794f3b4c40000000000000d97
MS-Link-Utilization-Threshold = 50
MS-Link-Drop-Time-Limit = 120
I can in fact see the Aruba-user-role VSA being applied in the controller.. It's just that it won't trigger the mac account creation.
Feb 16 15:35:19 :522038: <INFO> |authmgr| username=mylogon MAC=00:18:de:a5:cd:57 IP=192.168.10.231 Authentication result=Authentication Successful method=Web server=amigopod
Feb 16 15:35:19 :522016: <INFO> |authmgr| MAC=00:18:de:a5:cd:57 IP=?? Derived role 'guest-cp' from Aruba VSA
Feb 16 15:35:19 :522049: <INFO> |authmgr| MAC=00:18:de:a5:cd:57,IP=192.168.10.231 User role updated, existing Role=guest-logon-amigo/guest-logon-amigo, new Role=guest-logon-amigo/guest-cp, reason=User authenticated with auth type:1role derivation:7 l3 assigned role:None
Feb 16 15:35:19 :522050: <INFO> |authmgr| MAC=00:18:de:a5:cd:57,IP=192.168.10.231 User data downloaded to datapath, new Role=guest-cp/73, bw Contract=0/0,reason=Download driven by user role setting
Feb 16 15:35:19 :522008: <NOTI> |authmgr| User Authentication Successful: username=mylogon MAC=00:18:de:a5:cd:57 IP=192.168.10.231 role=guest-cp VLAN=4001 AP=tech SSID=amigo AAA profile=aaa-amigo auth method=Web auth server=amigopod
Feb 16 15:35:19 :522038: <INFO> |authmgr| username=mylogon MAC=00:18:de:a5:cd:57 IP=192.168.10.231 Authentication result=Authentication Successful method=radius-accounting server=amigopod
So what am I missing? How do I get amigopod to run the radius role I'm sending it?
PS, you might want to clearly add a version number on your documents.. I had no idea I was using an old version. The data that is mentioned on the docs was identical (March 2011).
Also, the new document has some typos in the Annotated Expression. I count at least 2 closing brackets that are missing)