Frequent Contributor I

AD/RADIUS Attributes

I am looking to see if I can get my RADIUS server (NPS) to pass Active Directory attributes back to my Aruba controller.


The goal is to set a user's role based on an Active Directory attribute, rather than a Group.


This works fine with captive portal, but does not seem to work with RADIUS.


Is this possible?

Guru Elite

Re: AD/RADIUS Attributes

That is because LDAP has access to those attributes and sends all of them back in a response.  In radius, you have to manually map those attributes to a radius attribute and return the radius attribute to be handled by the Aruba controller.  A Radius server that specializes in authorization like ClearPass makes it easy to do this mapping.  NPS makes you write a rule or remote access policy for every attribute that you want to map and send back.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Frequent Contributor I

Re: AD/RADIUS Attributes

Thanks for the reply.


So, either I replace my RADIUS with something else, or figure out how to do this from NPS?


I don't suppose anyone has a document that would explain how to do this mapping?



Search Airheads
Showing results for 
Search instead for 
Did you mean: