Hi all,
I use CPPM and Amigopod. I don't look after AD, but I see it as a very useful source of information that someone else administers. I don't want to assign operator profiles directly from AD, but through CPPM's link to AD via the RADIUS service (so I can override AD group membership if I need to).
I got Amigopod authenticating operators using CPPM as a RADIUS server. It works fine, except I send a VSA back to Amigopod based on AD group membership and I was hoping to assign the user to the appropriate profile based on this VSA I send in my enforcement profile. It keeps using the default profile. :(
array (
'enabled' => true,
'privileges' =>
array (
0 => 'admin',
1 => 'guestmanager',
2 => 'hotspot-manager',
3 => 'cip_index',
4 => 'mdps_index',
5 => 'auth_index',
6 => 'radius-services',
7 => 'reporting-manager',
8 => 'sms-admin',
9 => 'smtp',
10 => '#support_index',
),
'userskin' => '',
'start_page' => 'admin_index.php',
'lang' => '',
'timezone_id' => '',
'password_action_time' => 0,
'override_ui' => false,
'userskin_name' => '(Default)',
'profile_name' => 'IT Administrators',
'profile_comment' => 'Default administrative profile.',
'username' => "\reception",
'aruba-user-role' => 'Reception and Front Desk',
'session-timeout' => 10800,
'class' => "#\302\346\303?dN7\217~\343+\345B^\321\302\v\000\000\000\000\000\000R00000383-01-4fa8f02c\000\000\000\000\000\000\000\000\000\000\000",
'profile' => '1',
)
array (
'enabled' => true,
'privileges' =>
array (
0 => 'admin',
1 => 'guestmanager',
2 => 'hotspot-manager',
3 => 'cip_index',
4 => 'mdps_index',
5 => 'auth_index',
6 => 'radius-services',
7 => 'reporting-manager',
8 => 'sms-admin',
9 => 'smtp',
10 => '#support_index',
),
'userskin' => '',
'start_page' => 'admin_index.php',
'lang' => '',
'timezone_id' => '',
'password_action_time' => 0,
'override_ui' => false,
'userskin_name' => '(Default)',
'profile_name' => 'IT Administrators',
'profile_comment' => 'Default administrative profile.',
'username' => 'admin',
'aruba-user-role' => 'IT Administrators',
'session-timeout' => 10800,
'class' => "#\302\346\303?dN7\217~\343+\345B^\321\302\v\000\000\000\000\000\000R00000384-01-4fa8f053\000\000\000\000\000\000\000\000\000\000\000",
'profile' => '1',
)
I see LDAP translation rules - to achieve exactly what I am after, but I don't really want to bypass CPPM. I want CPPM to be the cornerstone of all authentication in this implementation - to be effectively a single point of administration.
Anyone had any luck? I expect I have done something stupid!