ArubaOS and Controllers

Occasional Contributor I

trouble with user roles

I am trying to assign user roles with either a user derivation rule or even 802.1X Authentication Server Group using server roles to change the user role when a specific user logs in. These setings don't seem to work the user role doesn't change. I can get the user derevation rule to work when I change the vlan. This way I know that the conditions are matching the rules but I just can't get the user role to change.

Am I missing something?
Occasional Contributor II

Re: trouble with user roles

can you post your aaa server-group config?
Occasional Contributor I

aaa server-group post

aaa server-group "Test"
auth-server RADIUS
set role condition User-Name contains "rbrower" set-value authenticated
Aruba Employee

Re: trouble with user roles

Usually, I turn on "logging level debug user-debug xx:xx:xx:xx:xx:xx" (from the CLI config mode), then have the user login again. Once the user has authenticated, do a "show log user-debug all" from the CLI and you will see the attributes that were returned by the AAA server. Make sure the server is passing back "User-Name" and the name matches the case you specified (all lower). Once you have done this, don't forget to turn off the debugging by putting a "no" in front of the command.
Occasional Contributor II

Re: trouble with user roles

I agree with Olino. Your commands are exact what I have, minus the quotes around User-Name and I know mine work fine.

set role condition "User-Name" contains "test" set-value authenticated
Search Airheads
Showing results for 
Search instead for 
Did you mean: