Hi,
I've got CPPM 6.5.1 running with a Guest portal. We do self-registration so that all guests are dumped in the "Guest" role, and must re-authenticate daily.
I have found some incantations to add a Profile such that I can pass back a value in the "Radius:Aruba / Aruba-User-Role" and tell the controller which role to place the user into back on the controller as they log in. It's clunky right now, as I have it hard-coded in a profile.
What I >want< to do is this:
1) Have self-registration users defaulted into the [Guest] role, and pass that role info back to the controller, which puts them in a somewhat ACL'd network (we do 80/443 only).
2) For certain users, I'd like to be able to go into the Guest account management database, and change their Role to "VIP". Those users would then be assigned a VIP role on the controller which would have wider access.
3) I would like the role change to be preserved. Right now, if a user is forced to re-authenticate in the portal, they're dumped back into [Guest] every time, even if I changed their role manually.
I've been thumping my head against a wall for a few days. The default service policies seem to pull the Role data out of the Endpoint database and ignore the Guest User database once a user is set up. Changing a role after a guest user is established doesn't change the behavior when they reconnect. Then, once forced through reauthentication, their role data is tossed out the window. Neither of these are desired behaviors.
Any tips on accomplishing this would be greatly appreciated.
Thanks!
Mike