Configuring FreeRADIUS to authenticate AWMS Users

Aruba Employee
Aruba Employee

This document describes configuring AWMS and FreeRADIUS so that AWMS users are authenticated against a FreeRADIUS server. The process involes making 3 configuration changes on FreeRADIUS, and defining that FreeRADIUS server as an auth server for the AWMS.


I. For each user, add an Aruba-Admin-Role attribute:


<username> User-Password := "<password>"
Aruba-Admin-Role = "<name of awms role>


jane User-Password := "password123"
Aruba-Admin-Role = "AMP Administration" 

john User-Password := "topsecret"
Aruba-Admin-Role = "ResNet AP Monitoring" 
Framed-IP-Address =
Framed-IP-Netmask =

II. Define a shared secret (which also must be added on the AWMS):

In /etc/raddb/clients.conf add a section allowing the AWMS (or a network) to be a RADIUS client:


client <ip address or network> {
secret = <secret>
shortname = <label>


client {
secret = airwave
shortname = corp_dev_net

III. Copy dictionary.aruba from the AWMS's filesystem to the FreeRADIUS server:

Location on AWMS: /opt/airwave/share/freeradius/dictionary.aruba 
Copy to this directory on FreeRADIUS: /usr/share/freeradius/dictionary.aruba


On the AMP Setup -> Authentication page, enable RADIUS Auth, and provide the ip addresses, ports and secrets for your FreeRADIUS servers.

Version history
Revision #:
1 of 1
Last update:
‎06-06-2014 03:38 PM
Updated by:

There is one extra step that is needed to be done in AirWave.


The role "AMP Administration" needs to be created in Airwave.


AMP Setup > Roles


Add role.


Set the type to be "AMP Administrator"


Give it a name and click Add, to create a role with the default settings.


I hope this helps.


Search Airheads
Showing results for 
Search instead for 
Did you mean: