what is the deference between enabling AD attribute as role or as attribute?

last person joined: yesterday

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Back to discussions

Expand all | Collapse all

what is the deference between enabling AD attribute as role or as attribute?

Jump to Best Answer

This thread has been viewed 8 times

1. what is the deference between enabling AD attribute as role or as attribute?

0 Kudos
adamsmith
Posted Oct 03, 2015 01:18 PM

Reply Reply Privately
I can see that I can Enbale in AD attribute for example Departmnet as a role or as attrbute or both so what is the deiffrence and what scnarios can be driven from this both checks?
2. RE: what is the deference between enabling AD attribute as role or as attribute?

0 Kudos
EMPLOYEE

cappalli
Posted Oct 03, 2015 01:19 PM

Reply Reply Privately
Role is mapped directly to a role without a role map.

Thanks,
Tim
3. RE: what is the deference between enabling AD attribute as role or as attribute?

0 Kudos
adamsmith
Posted Oct 03, 2015 02:34 PM

Reply Reply Privately
So if I enable IT DEPT as a role this doesnt need role mapping?
4. RE: what is the deference between enabling AD attribute as role or as attribute?

0 Kudos
mattGeorge
Posted Oct 04, 2015 07:53 AM

Reply Reply Privately
Yes, for example if Department = NetOps, the user are automatically tagged with the Role name NetOps in Clearpass.

PS: Roles in clearpass are independent of User-Roles on the Aruba Controllers.
5. RE: what is the deference between enabling AD attribute as role or as attribute?

0 Kudos
adamsmith
Posted Oct 05, 2015 07:36 AM

Reply Reply Privately
Thanks for clearing up so you say thet roles section in clearpasss is Only for aruba Controller firewall roles only??
6. RE: what is the deference between enabling AD attribute as role or as attribute?
Best Answer

1 Kudos
EMPLOYEE

cappalli
Posted Oct 05, 2015 07:38 AM

Reply Reply Privately
Yes just for the ClearPass side.

ClearPass role != controller role

Thanks,
Tim
7. RE: what is the deference between enabling AD attribute as role or as attribute?
Best Answer

1 Kudos
MVP

koen
Posted Oct 05, 2015 10:23 AM

Reply Reply Privately
Think of it this way:
Clearpass role: just a label
Aruba user-role: firewall policy
8. RE: what is the deference between enabling AD attribute as role or as attribute?

0 Kudos
adamsmith
Posted Oct 05, 2015 03:39 PM

Reply Reply Privately
You guys are awsome I really learn alot from you and thank you so much for clearing things up and Hope to be like you

Security

what is the deference between enabling AD attribute as role or as attribute?

1. what is the deference between enabling AD attribute as role or as attribute?

2. RE: what is the deference between enabling AD attribute as role or as attribute?

3. RE: what is the deference between enabling AD attribute as role or as attribute?

4. RE: what is the deference between enabling AD attribute as role or as attribute?

5. RE: what is the deference between enabling AD attribute as role or as attribute?

6. RE: what is the deference between enabling AD attribute as role or as attribute? Best Answer

7. RE: what is the deference between enabling AD attribute as role or as attribute? Best Answer

8. RE: what is the deference between enabling AD attribute as role or as attribute?

6. RE: what is the deference between enabling AD attribute as role or as attribute?
Best Answer

7. RE: what is the deference between enabling AD attribute as role or as attribute?
Best Answer