Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

returning %{GuestUser:role_id} as aruba-user-role?

This thread has been viewed 4 times

  • 1.  returning %{GuestUser:role_id} as aruba-user-role?

    MVP
    Posted Oct 30, 2014 09:48 AM

    Anyone that can provide the answer to this one?

     

    Say we have created a guest user with role_id=1.

    This role_id of 1 as mapped to the value employee

     

    Is there a way to have clearpass return an aruba-user-role with that alfanumeric value instead of the numeric value? Returning %{GuestUser:role_id} gives the numeric value.



  • 2.  RE: returning %{GuestUser:role_id} as aruba-user-role?

    EMPLOYEE
    Posted Oct 30, 2014 09:49 AM

    You'd have to write rules that statically return the value.

     

    Guest Role ID = 1, return enforcement profile: aruba-user-role: guest

    Guest Role ID = 2, return enforcement profile: aruba-user-role: employee



  • 3.  RE: returning %{GuestUser:role_id} as aruba-user-role?

    MVP
    Posted Oct 30, 2014 10:05 AM

    You're positive?

    Bah! I was hoping I could shortcut a dozen conditions and profiles somehow here..



  • 4.  RE: returning %{GuestUser:role_id} as aruba-user-role?

    EMPLOYEE
    Posted Oct 30, 2014 10:07 AM

    You can make it more automated for a MAC-cache, but for the initial web-login, you'll have to map the role ID to a user-role.