Hi:
I'm using CPPM with Aruba Controllers.
I need to setup a wireless workstation that can be used by multiple users. Both the computer and the users are members of the Windows domain.
This would typically be in a classroom situation, where different professors might come into the classroom to use the computer.
The problem is, that a user may have never logged into that computer, and so there's no cached profile.
That means the computer needs to have an IP address and be talking to domain controllers, even when it is logged out.
Is this possible?
I've got an enforcement profile that reads:
Tips:Role EQUALS [Machine Authenticated])
AND (Authorization:DomainName-AD:memberOf CONTAINS WirelessUser) --> staff-device-enf-prof
and that's working fine for AD users, who have logged into the machine previously.
The profile just before this one reads:
Tips:Role EQUALS [Machine Authenticated])
AND (Tips:Role NOT_EQUALS [User Authenticated]) --> domain-member-enf-prof
the domain-member-enf-prof has these attributes:
1. Radius:Aruba Aruba-User-Role = domain-member
2. Radius:Aruba Aruba-User-Vlan = 11
VLAN 11 is the correct vlan, but the machine does not appear to be connected, when the user is logged out (I can't ping it, RDP into it, etc.).
Do I also need to have the Controller's 'domain-member' role specify a VLAN, or do anything else? Right now, it's just blank, when I check it on the controller via the CLI.
I thought I would reach out, before I progressed much further on this, in the hopes that someone has been through this before.
Thanks,
Tony