Aruba Networks PowerConnect W Clearpass 100 Software Deployment Manual page 172
3.9 deployment guide
Hide thumbs
Also See for PowerConnect W Clearpass 100 Software:
- Deployment manual (438 pages) ,
- Manual (22 pages) ,
- Installation manual (12 pages)
Table of Contents
Advertisement
Use role assigned to local user is the only authorization method available for the local user database.
If the user's authentication attempt is successful, the RADIUS server will respond with an Access-Accept
message that includes the RADIUS attributes defined for the user's role.
Use the common name of the client certificate to match a local user account may be specified
for users authenticated via EAP-TLS on a client's local certificate server.
Use attributes from Proxy RADIUS server is an authorization method available only for Proxy
RADIUS servers. The RADIUS attributes returned by the external RADIUS server are returned
unmodified.
Assign a fixed user role may be used to assign all authenticated users to a particular user role. If the
user's authentication attempt is successful, the RADIUS server will respond with an Access-Accept
message that includes the RADIUS attributes defined for the fixed role that has been selected for this
authentication server.
Use PHP code to assign a user role (Advanced) may be selected to return a role ID for users
authenticated via EAP-TLS on a client's local certificate server. The PHP authorization code is entered
on the Edit Authentication Server form.
The RADIUS Authentication diagnostic can be used to demonstrate the difference between the various
authorization methods.
To use the diagnostic, navigate to RADIUS Services > Server Control and click the Test RADIUS
Authentication command link. Enter the username and password for a user that is externally
authenticated.
Click the Run button to perform RADIUS authentication and display the results:
With authorization method No authorization – Authenticate only:
Sending Access-Request of id 165 to 127.0.0.1 port 1812
User-Name = "demouser"
User-Password = "XXXXXXXX"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=165, length=20
Note that in this case, no RADIUS attributes are returned. The Access-Accept or Access-Reject result
indicates whether the user was successfully authenticated.
172
| RADIUS Services
ClearPass Guest 3.9 | Deployment Guide
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the PowerConnect W Clearpass 100 Software and is the answer not in the manual?
Questions and answers