AA 6.4.1
I've got MFA AA Radius working pretty much, to NTRADPING anyway...not the Aruba switches though...the Aruba switches are not authenticating admin users as they switch expects "Radius:IETF:Service-Type:=6" or "Aruba-Priv-Admin-User" VSA.
f the Aruba-Admin-Role
VSA is present, map the user to the matching local user-group name.
-
Else if the
Aruba-Priv-Admin-User
VSA is present, extract the privilege level (1, 15, or 19) and map the user to the local user-group corresponding to this privilege level (1=operators
,15=administrators
,19=auditors
). Privilege levels 2 to 14 may also be used with matching local user groups named 2 to 14.-
Else If Service-Type AVP is present, map
Administrative-User(6)
toadministrators
and mapNAS-Prompt-User(7)
tooperators
.-
Otherwise, the user role cannot be determined, and the authentication fails.
-
-
Administrative-User(6)
The Service-Type
attribute is retained only for backward compatibility. It is recommended that you instead use the Aruba-Admin-Role
or Aruba-Priv-Admin-User
VSA.
I've been trying heaps of combinations but it only comes through if I