Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

AD/RADIUS Attributes

This thread has been viewed 9 times

  • 1.  AD/RADIUS Attributes

    Posted Mar 31, 2015 11:18 AM

    I am looking to see if I can get my RADIUS server (NPS) to pass Active Directory attributes back to my Aruba controller.

     

    The goal is to set a user's role based on an Active Directory attribute, rather than a Group.

     

    This works fine with captive portal, but does not seem to work with RADIUS.

     

    Is this possible?



  • 2.  RE: AD/RADIUS Attributes

    EMPLOYEE
    Posted Mar 31, 2015 11:55 AM

    That is because LDAP has access to those attributes and sends all of them back in a response.  In radius, you have to manually map those attributes to a radius attribute and return the radius attribute to be handled by the Aruba controller.  A Radius server that specializes in authorization like ClearPass makes it easy to do this mapping.  NPS makes you write a rule or remote access policy for every attribute that you want to map and send back.



  • 3.  RE: AD/RADIUS Attributes

    Posted Mar 31, 2015 01:50 PM

    Thanks for the reply.

     

    So, either I replace my RADIUS with something else, or figure out how to do this from NPS?

     

    I don't suppose anyone has a document that would explain how to do this mapping?

     

    Thanks.