I think if you have multiple enforcement profiles that have conflicting attributes, one will be overwritten by the other, not concatenated.
Depending on your use-case, you may use tokenized attributes in a single enforcement profile, like putting in %{Attribute-for-User} and %{Attribute-for-Group}.
Without knowing exactly what you try to achieve, it's hard to tell if that works or not. It may be best to get your Aruba partner or Aruba SE involved to discuss this in full detail and see what would be possible.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Sep 29, 2023 08:32 AM
From: ark
Subject: How to use to Freeradius += operator with ClearPass
Hello,
I use a LocalUsers database with users having a {user}@{group} format.
I would like to generate Cisco-AVPair radius attributes based both on {group} and on {user}.
I use an Enforcement policy which is setting actions based on {group}, then actions based on {user}. But i see only Attributes set by the {group} profile in the radius reply.
And iIf a put the action based on user first, i see only the user profile attributes...
Is there a way to have the sum of Cisco-AvPair attributes in the same radius reply (similar to the += Freeradius operator), or i am doing something wrong ?
Thanks,
Philippe