Managing the Internal Database

You can create entries in the controller’s internal database and use them to authenticate clients. The internal database contains a list of clients along with the password and default role for each client. When you configure the internal database as an authentication server, client information in incoming authentication requests is checked against the internal database.

Configuring the Internal Database

By default, the internal database in the master controller is used for authentication. You can choose to use the internal database in a local controller by entering the CLI command aaa authentication-server internal use-local-switch. If you use the internal database in a local controller, you need to add clients on the local controller.

Table 1 defines the required and optional parameters used in the internal database.

Table 1: Internal Database Configuration Parameters

| Parameter | Description |
|---|---|
| User Name | (Required) Enter a user name or select Generate to automatically generate a user name. An entered username can be up to 64 characters in length. |
| Password | (Required) Enter a password or select Generate to automatically generate a password string. An entered password must be a minimum of 6 characters and can be up to 128 characters in length. |
| Role | Role for the client. In order for this role to be assigned to a client, you need to configure a server derivation rule, as described in Configuring Server-Derivation Rules. (A user role assigned through a server-derivation rule takes precedence over the default role configured for an authentication method.) |
| E-mail | (Optional) E-mail address of the client. |
| Enabled | Select this checkbox to enable the user as soon as the user entry is created. |
| Expiration | Select one of the following options. Entry does not expire: No expiration on user entry. Set Expiry time (mins): Enter the number of minutes the user is authenticated before their user entry expires. Set Expiry Date (mm/dd/yyyy) Expiry Time (hh:mm): To select a specific expiration date and time, enter the expiration date in mm/dd/yyyy format, and the expiration time in hh:mm format. |
| Static Inner IP Address (for RAPs only) | Assign a static inner IP address to a Remote AP. If this database entry is not for a remote AP, leave this field empty. |

Using the WebUI

1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select Internal DB.
3. Click Add User in the Users section. The user configuration page displays.
4. Enter the information for the client, as described in the table above.
5. Click Enabled to activate this entry on creation.
6. Click Apply to apply the configuration. The configuration does not take effect until you perform this step.
7. At the Servers page, click Apply.

The Internal DB Maintenance window also includes a Guest User Page feature that allows you to create user entries for guests only. For details on creating guest users, see Guest Provisioning User Tasks.

Using the CLI

Enter the following command in enable mode:

(host)(config) #local-userdb add {generate-username|username <name>} {generate-password|password <password>}
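
As an added example (not part of the ArubaOS documentation), this Python script checks planned entries against the limits in Table 1 and renders the local-userdb add command using only the options shown above. The dict layout, the function names and the rule that rejects whitespace and control characters are assumptions of this example; the expiry check covers only the date-and-time form, and expiry is not emitted in the command.

```python
import re
from datetime import datetime

USERNAME_MAX = 64                     # Table 1: user name, up to 64 characters
PASSWORD_MIN, PASSWORD_MAX = 6, 128   # Table 1: password, 6 to 128 characters
EXPIRY_RE = re.compile(r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}")  # mm/dd/yyyy hh:mm


def check_entry(entry):
    """Return a list of problems for one planned entry (hypothetical dict layout)."""
    problems = []
    name, password, expiry = (entry.get(k) for k in ("username", "password", "expiry"))
    # None for username/password means the controller generates the value.
    if name is not None and not 1 <= len(name) <= USERNAME_MAX:
        problems.append("username length must be 1-64")
    if password is not None and not PASSWORD_MIN <= len(password) <= PASSWORD_MAX:
        problems.append("password length must be 6-128")
    for field, value in (("username", name), ("password", password)):
        # Generator-side rule (assumption, not an ArubaOS limit): refuse whitespace and
        # control characters so a value cannot split into extra CLI tokens or lines.
        if value is not None and any(c.isspace() or not c.isprintable() for c in value):
            problems.append(field + " contains whitespace or control characters")
    if expiry is not None:
        try:
            if not EXPIRY_RE.fullmatch(expiry):
                raise ValueError("wrong shape")
            datetime.strptime(expiry, "%m/%d/%Y %H:%M")  # rejects dates like 02/30
        except ValueError:
            problems.append("expiry must be mm/dd/yyyy hh:mm")
    return problems


def build_command(entry):
    """Render the page's 'local-userdb add' syntax; raise if the entry is invalid."""
    problems = check_entry(entry)
    if problems:
        raise ValueError("; ".join(problems))
    name, password = entry.get("username"), entry.get("password")
    user_part = "generate-username" if name is None else "username " + name
    pass_part = "generate-password" if password is None else "password " + password
    return "local-userdb add " + user_part + " " + pass_part


# Constructed sample input, not taken from the page.
SAMPLE = [
    {"username": "lab-printer", "password": "S3cure-Example!", "expiry": "12/31/2030 17:00"},
    {"username": None, "password": None},
    {"username": "kiosk", "password": "abc"},
]
```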

Managing Internal Database Files

ArubaOS allows you to import and export tables of user information to and from the internal database. These files should not be edited once they are exported. ArubaOS only supports the importing of database files that were created during the export process. Note that importing a file into the internal database overwrites and removes all existing entries.

Exporting Files in the WebUI

1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select Internal DB.
3. Click Export in the Internal DB Maintenance section. A popup window opens.
4. Enter the name of the file you want to export.
5. Click OK.

Importing Files in the WebUI

1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select Internal DB.
3. Click Import in the Internal DB Maintenance section. A popup window opens.
4. Enter the name of the file you want to import.
5. Click OK.

Exporting and Importing Files in the CLI

Enter the following commands in enable mode:

(host)(config) #local-userdb export <filename>

(host)(config) #local-userdb import <filename>

Working with Internal Database Utilities

The local internal database also includes utilities to clear all users from the database and to restart the internal database to repair internal errors. Under normal circumstances, neither of these utilities is necessary.

Deleting All Users

Issue this command to remove users from the internal database after you have moved your user database from the controller’s internal server to an external server.

1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select Internal DB.
3. Click Delete All Users in the Internal DB Maintenance section. A popup window opens and asks you to confirm that you want to remove all users.
4. Click OK.

Repairing the Internal Database

Use this utility under the supervision of Aruba technical support to recreate the internal database. This may clear internal database errors, but also removes all information from the database. Make sure you export your current user information before you start the repair procedure.

1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select Internal DB.
3. Click Repair Database in the Internal DB Maintenance section. A popup window opens and asks you to confirm that you want to recreate the database.
4. Click OK.