Security, WIDS/WIPS and Aruba ECS

Reply
Guru Elite

RADIUS Filter by Description field

Hello - I have a pretty unique situation. We are a subdomain of a forest in an educational environment. Our wireless networks are currently setup to authenticate against our subdomain x.y.edu.

We want to add another network that authenticates against the forest (y.edu) so that people from the other institutions in our system can login with their forest credentials.

So there are two accounts for each user, the local subdomain account (user@x.y.edu) and a forest account (user@y.edu).

My issue is that local users will be able to login to this new network with their forest account. I want to filter so they cannot. We have the location of the user in the "Office" attribute in AD and I want to deny access to users that have "XXX" in that field. Is this possible in RADIUS? (we are using server 2008 r2 radius)

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: RADIUS Filter by Description field

You would do that through a remote access policy in NPS that denies based on a rule:


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Guru Elite

Re: RADIUS Filter by Description field

The issue i'm having is that all of the users are in "Domain Users" and not separated into groups by college. I am trying to reference the "Office" attribute, as seen in the attached picture, and say if office = "LSC", deny access.

Thanks

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: