Security

Reply
Frequent Contributor II

what is the deference between enabling AD attribute as role or as attribute?

I can see that I can Enbale in AD attribute for example Departmnet as a role or as attrbute or both so what is the deiffrence and what scnarios can be driven from this both checks?


Accepted Solutions
Highlighted
Moderator

Re: what is the deference between enabling AD attribute as role or as attribute?

Yes just for the ClearPass side. 

ClearPass role != controller role 


Thanks, 
Tim


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
MVP

Re: what is the deference between enabling AD attribute as role or as attribute?

Think of it this way:

Clearpass role: just a label

Aruba user-role: firewall policy


Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found a post helpful or important? Click the "Thumbs Up" icon to give kudos.
-- Problem Solved? Click "Accept as Solution" in a post.

View solution in original post


All Replies
Highlighted
Moderator

Re: what is the deference between enabling AD attribute as role or as attribute?

Role is mapped directly to a role without a role map. 


Thanks, 
Tim


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Frequent Contributor II

Re: what is the deference between enabling AD attribute as role or as attribute?

So if I enable IT DEPT as a role this doesnt need role mapping?

Highlighted
Aruba Employee

Re: what is the deference between enabling AD attribute as role or as attribute?

Yes, for example if Department = NetOps, the user are automatically tagged with the Role name NetOps in Clearpass. 

 

PS: Roles in clearpass are independent of User-Roles on the Aruba Controllers.

Highlighted
Frequent Contributor II

Re: what is the deference between enabling AD attribute as role or as attribute?

Thanks for clearing up so you say thet roles section in clearpasss is Only for aruba Controller firewall roles only??

Highlighted
Moderator

Re: what is the deference between enabling AD attribute as role or as attribute?

Yes just for the ClearPass side. 

ClearPass role != controller role 


Thanks, 
Tim


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
MVP

Re: what is the deference between enabling AD attribute as role or as attribute?

Think of it this way:

Clearpass role: just a label

Aruba user-role: firewall policy


Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found a post helpful or important? Click the "Thumbs Up" icon to give kudos.
-- Problem Solved? Click "Accept as Solution" in a post.

View solution in original post

Highlighted
Frequent Contributor II

Re: what is the deference between enabling AD attribute as role or as attribute?

You guys are awsome I really learn alot from you and thank you so much for clearing things up and Hope to be like you

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: