Security

 View Only
last person joined: 12 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Guest provisioning with different Role

This thread has been viewed 5 times

  • 1.  Guest provisioning with different Role

    Posted May 24, 2012 07:15 AM

    Aruba 3000

    ArubaOS 6.1.3.1

     

    Hi everyone,

     

    I'm currently setting up a guest vlan with a captive portal. By default this captive portal has 2 options to login, one of the 2 is just to fill in a email address and this works just fine giving the user limited guest access.

     

    The second one is to fill in a username / password pair which can be created in the Guest Provisioning portal. This works fine as well, but what we would like is that the users that are created in this portal get a more open role then the default guest role. How can I do this?

     

    Jan Hugo Prins

     

     



  • 2.  RE: Guest provisioning with different Role

    Posted May 24, 2012 09:32 AM

    Hi,


    I believe this can be accomplish by doing the following:

     

    - Set the default role as limited, which it seems you already have.

    - Create a new user role with less restriction.

    - On the INTERNAL server, create a derivation rule that would place a user in the less restrictive role.  You would have to use a common string in each username.  Maybe something like "gst-user01".  When creating the derivation rule, set the condition to "User-name", Operation "Starts-with", and value "gst-".

     

    I haven't tried this myself but give it a whirl and see if it works.  When creating users via the Guest Provisioning Portal, you cannot assign the role, or at least I'm not aware of this.  When you create the users from the admin interface, you can assign a specific role.

     

    Hope this helps.

     

    -Mike



  • 3.  RE: Guest provisioning with different Role
    Best Answer

    Posted May 24, 2012 11:35 AM

    From the User Guide: 

     

    Default Role:

    Role assigned to the Captive Portal user upon login. When both user and guest logon are

    enabled, the default role applies to the user logon; users logging in using the guest interface are
    assigned the guest role.

     

    Default Guest Role

    Role assigned to guest.

     

    Summary: 

    When both user-login and guest-login is enabled, guest users (the ones that enter only email address) will be assigned "default guest role" and the ones that login with username and password generated from guest provisioning will be assigned "default role" 

     

    Captive Portal Authentication Profile "<profile-name>"
    -----------------------------------------------
    Parameter Value
    --------- -----
    Default Role less-restricted
    Default Guest Role guest 

     

    Hope it answers your question. 

     

    --

    HT



  • 4.  RE: Guest provisioning with different Role

    Posted May 24, 2012 11:46 AM

    hthakker,

     

    There you go.  Shows you how much I read the user guide. :)

     

    -Mike



  • 5.  RE: Guest provisioning with different Role

    Posted May 25, 2012 10:34 AM

    Thanks.

     

    This did the trick indeed.

     

    Jan Hugo Prins