If a user tries to authenticate to clearpass -> Active Directory, and is using the wrong username, or bad password, is the users automatically rejected because they failed auth or are they given the default user role for the profile? I see the default Radius:Aruba:Aruba-User-Role in the Output> Radius Response in the logs, and was a bit confused. I would think it would not receive any user-role, or a Reject one by default.