03-16-2018 04:14 PM
First off, I am new to using CPPM as a TACACS server but have been using it for RADIUS for a little while.
I am trying to use Authorization Attributes from active directory to map roles and then use those tips roles to enforce different profiles. I am already doing this on the RADIUS side to push down wireless roles to controllers. Now I'm trying my hand at TACACS
I have read a handful blog posts, watched videos, and used ASE templates but for some reason Authorization Attributes never shows up in the Request tab in the log. If reference AD Authorization Attributes in the Enforcement Policy magically it shows in the log, but still has no effect on the Role Mapping.
I have looked through my AD server in Authentication Sources and I have "Used for Authorization" checked (all this is working for RADIUS)
I'm at a loss and thought I would start here before TAC
Solved! Go to Solution.
Re: TACACS Role Mapping using Authorization Attributes From AD
03-16-2018 08:27 PM
**Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the post.
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
03-19-2018 05:32 AM
They won't show up in Access Tracker if you're not addressing/using them in some way. So define a Role Mapping to your Service where you pick up on type "Authorization:MYAD:memberof", do a TACACS auth from your device and you should see all the available attributes in your Access Tracker entry.
-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!