This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AA returning additional Radius attributes on successful authentication

AA 6.4.1

I've got MFA AA Radius working pretty much, to NTRADPING anyway...not the Aruba switches though...the Aruba switches are not authenticating admin users as they switch expects "Radius:IETF:Service-Type:=6" or "Aruba-Priv-Admin-User" VSA.

f the Aruba-Admin-Role VSA is present, map the user to the matching local user-group name.

  • Else if the Aruba-Priv-Admin-User VSA is present, extract the privilege level (1, 15, or 19) and map the user to the local user-group corresponding to this privilege level (1=operators, 15=administrators, 19=auditors). Privilege levels 2 to 14 may also be used with matching local user groups named 2 to 14.

    • Else If Service-Type AVP is present, map Administrative-User(6)to administrators and map NAS-Prompt-User(7) to operators.

      • Otherwise, the user role cannot be determined, and the authentication fails.

Administrative-User(6)

The Service-Type attribute is retained only for backward compatibility. It is recommended that you instead use the Aruba-Admin-Role or Aruba-Priv-Admin-User VSA.

I've been trying heaps of combinations but it only comes through if I