Wireless Access

Thanks Colin,

I realised I made a mistake there, I am returning '0' which I think is actually the 'network-operations' role. What do I need to return to use the 'read-only' role?

And is it listed anywhere what the subset of commands the network-operations role can actually use are?

Thanks for your help

You need to return the radius attribute "Aruba-Admin-Role" with the admin role that you want a user to get:

Aruba-Admin-Role                  4      String       Aruba      14823

So this is where I'm slightly hazy(!):

Isn't Aruba-Admin-Role for web users? What I want is CLI access roles.

We are currently returning numeric values for attribute 'Aruba-Priv-Admin-User', currently we use '1' for root and '0' for (what appears to equate to) 'network-operations'. Is there a list of what those numeric values should be for each user role that is available? Eg what should that number be for a 'read-only' user?

Or am I misunderstanding how this works?

Aruba-Admin-Role is for all users.  It allows you to set the admin role by simply replying with the text name of the role as an attribute.

"Aruba-Priv-Admin-User" is an attribute only so that a user can avoid typing the enable password.  Please see here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Aruba-VSA-Aruba-Priv-Admin-User/m-p/14609

Ah so I did misunderstand this. So I can return a role eg

Aruba-Admin-Role :=  'network-operations'

*and* either:

Aruba-Priv-Admin-User := 0

or

Aruba-Priv-Admin-User := 1

 ?