How to allow a RADIUS admin to log in to the switch? (by Windows Server)
In the following example, we only provide the necessary settings on the NPS of Windows Server 2019. If you haven't finished the switch settings, please check this article to complete them.
Topology
Configuration of NPS
1. Set RADIUS Clients to 10.214.36.29 with shared secret 12345678.
2. Create your user account in "Active Directory Users and Computers". We will use zyuser as an example.
3. Add a login attribute to the Network policies of NPS.
(Please make sure that the login account (zyuser) is contained in the Windows Groups that you specified in the Conditions tab of the NPS policy.)
4. On the same Network policy, create a new attribute string “Zyxel-Privilege-AVPair” whose attribute ID is “3”. The vendor ID of Zyxel is “890”.
Zyxel-Privilege-AVPair(3)
shell:priv-lvl=14
Verifications:
- Telnet or SSH from the customer to the switch
- Check the packet returned by the Windows Server
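To make the packet check concrete, the following added example (not part of the original article and not Zyxel code) parses the UDP payload of a RADIUS reply taken from a packet capture and extracts the Zyxel-Privilege-AVPair value. The function names and the sample packet builder are constructed for illustration; the packet layout follows RFC 2865.

```python
import struct

ZYXEL_VENDOR_ID = 890     # vendor ID given in the article
PRIV_AVPAIR_ID = 3        # Zyxel-Privilege-AVPair attribute ID given in the article
ACCESS_ACCEPT = 2         # RADIUS packet code (RFC 2865)
VENDOR_SPECIFIC = 26      # RADIUS attribute type (RFC 2865)

def zyxel_avpairs(packet: bytes) -> list:
    """Return every Zyxel-Privilege-AVPair string found in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        body, pos = packet[pos + 2:pos + a_len], pos + a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != ZYXEL_VENDOR_ID:
            continue
        sub = body[4:]                      # vendor sub-attributes: type, length, data
        while len(sub) >= 2:
            if sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if sub[0] == PRIV_AVPAIR_ID:
                found.append(sub[2:sub[1]].decode("ascii"))
            sub = sub[sub[1]:]
    return found

def granted_priv_level(packet: bytes):
    """Privilege level carried by an Access-Accept, or None if it carries none."""
    if packet[:1] != bytes([ACCESS_ACCEPT]):
        return None
    for pair in zyxel_avpairs(packet):
        if pair.startswith("shell:priv-lvl="):
            return int(pair.split("=", 1)[1])
    return None

def build_sample(code: int, vendor_id: int, avpair: str) -> bytes:
    """Constructed test packet; the all-zero authenticator is a placeholder."""
    sub = bytes([PRIV_AVPAIR_ID, 2 + len(avpair)]) + avpair.encode("ascii")
    vsa = bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + struct.pack("!I", vendor_id) + sub
    return struct.pack("!BBH", code, 1, 20 + len(vsa)) + bytes(16) + vsa
```

An Access-Accept for which `granted_priv_level` returns None means NPS accepted the credentials but the matching Network policy did not attach the attribute from step 4.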
What could go wrong
1. If authentication always fails, check the Event Viewer on the Windows Server to see the reason. For instance:
2. Unencrypted authentication (PAP, SPAP) must be enabled.