Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Unable to Change AAA Authentication Mgmt Default-Role

  • 1.  Unable to Change AAA Authentication Mgmt Default-Role

    Posted Dec 01, 2012 08:14 AM

    Hi,

    I'm trying to change the aaa authentication mgmt default-role from "read-only" to "root," but I am unable to do so.

    I can understand that anything referencing the server group defined would be read-only, but I am also using a local login that has root access. The problem is reproducible using the CLI (telnet/ssh) or the web interface.

    FYI, I'm running an Alcatel-Lucent-branded 4308 controller running AOS version 3.3.1.14.

    Thanks,

    John



  • 2.  RE: Unable to Change AAA Authentication Mgmt Default-Role

    EMPLOYEE
    Posted Dec 01, 2012 08:29 AM

    What are you trying to accomplish? Are you using the local database and an external server for management authentication? How do you want it to work?



  • 3.  RE: Unable to Change AAA Authentication Mgmt Default-Role

    Posted Dec 03, 2012 10:03 AM

    Anyone who has root privileges with their LDAP credentials cannot make changes, due to the configuration below.

    aaa authentication mgmt
       default-role "read-only"
       server-group "server_group_name"
       enable

    We need to change the default role, but not even locally stored root credentials are allowed to do so.



  • 4.  RE: Unable to Change AAA Authentication Mgmt Default-Role

    EMPLOYEE
    Posted Dec 03, 2012 11:08 AM

    You want to write a server derivation rule like this: http://community.arubanetworks.com/aruba/attachments/aruba/115/462/1/configuration-management-administration.jpg

    EXCEPT your LDAP attribute is memberOf, the operator is "contains" whatever group your management users are in, and your role would be root. That would create an exception to what you have configured for users in that AD group.
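
Putting the advice in the reply above into ArubaOS CLI form, as an added example that is not part of the thread. Changing the mgmt default-role to root would hand root to every account that can authenticate against the directory; keeping the default at read-only and adding a server derivation rule grants root only to members of one directory group. The server name `ldap-corp`, the group DN, and the `set role condition ... set-value` line are assumed placeholders in the general ArubaOS syntax, not configuration taken from the original poster's controller; the exact form accepted by an AOS 3.3.1.x build should be checked against its CLI reference.

```text
! Management logins stay read-only unless a derivation rule says otherwise.
aaa authentication mgmt
   default-role "read-only"
   server-group "server_group_name"
   enable

! The server group referenced above. Assumed names: ldap-corp, the group DN.
aaa server-group "server_group_name"
   auth-server "ldap-corp"
   ! Derivation rule: if the LDAP attribute memberOf contains the DN of the
   ! network-admin group, assign the root role. Everyone else authenticated
   ! through this server group keeps the read-only default role.
   set role condition memberOf contains "CN=NetAdmins,OU=Groups,DC=example,DC=com" set-value root
```

The `contains` operator is a substring match over the (multi-valued) memberOf attribute, so match on the full group DN rather than a short name: a value such as "Admins" would also match "Admins-Helpdesk" or any other DN that happens to contain that string. After applying the rule, log in once with a directory account that is in the group and once with one that is not, and confirm the assigned role with `show aaa derivation-rules server-group "server_group_name"` on releases that provide it.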