Hi,
Í've been trying to setup RADIUS authentication (MS NPS 2012R2) on the Aruba controller, to get adminstrators authenticatted and assigend the 'root' role based on the RADIUS by returned attribute.
After following the ArubaOS 6.4.3 user guide, I still have the following 3 questions that are still unanswered:
1- The authentication requests are still be done locally, even with the box 'mode' selected. I don't see any request hitting my RADIUS server and, even without the allow local authentation box selected, can still authenticate based the local user. HOw can I enforce this and not have local authentication being processed.
2- It is not clear which attributes values are required for Aruba to process the correct role received from RADIUS. I do have a VSA for Aruba confgured with 14823. I'm assuming the attribute value of the string is 'root', as this should be the role send back by RADIUS in case the user is authenticated. Also what is the vendor-assigned atrribute number?
3- How can I assure users are being assigned the role 'root' based on membership of a group name, for instance ' IT Adminstrators' instead of an username.
Thanks for the clarification.