Wireless Access

hi to all.

i'm currently testing user access,however users under different OU cant authenticate. i already configured Radius server and Server group . is there any server rule or any attribute i have to add? below are the details

aruba 7205 controller
lic-ap
win2012 AD
NPS

any suggestions will be greatly appreciated

How is your NPS server configured?

Hi Tim,

 

 thank you for your response. we are doing some trial and error under Server Group. I once added may RADIUS server without any match-rule. I also tried to use FILTER-ID as attrubute,EQUALS, and name of my OU as operand,STRING,SETVLAN,500 but still no luck.

 

the objective is RADIUS authentication with multiple OUs within a single VLAN.

 

am I missing something on NPS?

 

please see attached images

 

thank you

Within your settings for that policy you'll need to add the attribute to be returned.

 

After that, you'll need an additional Network Policy to catch any user not in those particular groups, provided you still want to give them access, beit in a different vlan.

Hi Michael,

 

   I'm thinking that I need to add the OU to conditions, however it seems OU is not an available policy condition aside from User Groups. any alternative for this?

 

 

thank you

According to Microsoft, no:  https://social.technet.microsoft.com/Forums/en-US/acc242bf-9edf-41bf-9a7c-73abc3a98fc9/nps-network-policy-based-on-ou-structure?forum=winserverNAP