Role derivation priority with 802.1X, Machine Auth and VSA
12-09-2016 11:05 AM - edited 12-09-2016 11:06 AM
I have configured Server Role Derivation for 802.1X with enfroced machine authentication. I works fine for computers and users that are members of Microsoft domain, with role mapping based on returned by NPS standard attribute (not Aruba VSA).
But I have just a few MAC OSX laptops, that (from many reasons) are not members of domain (no machine account, only user&pass), and I would like to be able, also to map them on different role, after successful 802.1X authentiaction based on user & pass only (machine auth fail).
Will returning Aruba VSA attribute (Aruba-User-Role) take precedense and assign returned in VSA attribute role to a user on a MAC OSX that passed only user auth and failed machine auth, with Enforce Machine Authentication option enabled in a profile?
Re: Role derivation priority with 802.1X, Machine Auth and VSA
12-09-2016 11:15 AM
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba VIA ASE Solution - Configure VIA VPN