How to allow a RADIUS admin to log in to the switch? (by Windows Server)
In the following example, we only provide the necessary settings on the NPS of Windows Server 2019. If you haven't finished the switch settings, please check this article to complete them.
Topology
Configuration of NPS
1. Set RADIUS Clients to 10.214.36.29 with shared secret 12345678.
2. Create your user account in "Active Directory Users and Computers". We will use zyuser as an example.
3. Add a login attribute to the Network policies of NPS.
(Please make sure that the login account (zyuser) is a member of the Windows Groups that you specified in the Conditions tab of the NPS policy.)
4. On the same Network policy, create a new attribute string “Zyxel-Privilege-AVPair” whose attribute ID is “3”. The vendor ID of Zyxel is “890”.
Zyxel-Privilege-AVPair(3)
shell:priv-lvl=14
Verifications:
- Telnet or SSH from the customer to the switch
- Check the packet sent in reply by the Windows Server
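An added example (not from the original article or from Zyxel) of what to look for in that reply: it parses a RADIUS Access-Accept and extracts the privilege level carried in Zyxel-Privilege-AVPair. It assumes the attribute is sent as an RFC 2865 Vendor-Specific attribute (type 26) in the recommended sub-attribute layout; the function names and the sample packet are constructed for illustration.

```python
import struct

ZYXEL_VENDOR_ID = 890      # vendor ID given in the article
PRIVILEGE_AVPAIR_TYPE = 3  # Zyxel-Privilege-AVPair attribute ID from the article
ACCESS_ACCEPT = 2          # RFC 2865 packet code
VENDOR_SPECIFIC = 26       # RFC 2865 attribute type


def build_vsa(vendor_id, vendor_type, value):
    """Encode one Vendor-Specific attribute (RFC 2865 recommended layout)."""
    sub = bytes([vendor_type, 2 + len(value)]) + value
    body = struct.pack("!I", vendor_id) + sub
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body


def build_packet(code, identifier, attributes):
    """Assemble a RADIUS packet with a zeroed authenticator (sample only)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    return header + bytes(16) + attributes


def zyxel_privilege(packet):
    """Return the priv-lvl an Access-Accept grants, or None if it grants none."""
    length = int.from_bytes(packet[2:4], "big")
    if len(packet) < 20 or not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS header or length field")
    if packet[0] != ACCESS_ACCEPT:
        return None
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + alen]
        pos += alen
        vendor = int.from_bytes(value[:4], "big")
        if atype != VENDOR_SPECIFIC or len(value) < 6 or vendor != ZYXEL_VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            if sub[0] == PRIVILEGE_AVPAIR_TYPE:
                text = sub[2:sub[1]].decode("ascii", "replace")
                if text.startswith("shell:priv-lvl="):
                    return int(text.split("=", 1)[1])
            sub = sub[sub[1]:]
    return None

# Constructed sample reply, not captured traffic.
GOOD = build_packet(ACCESS_ACCEPT, 1, build_vsa(890, 3, b"shell:priv-lvl=14"))
```

A reply that is an Access-Accept but yields None here carries no Zyxel privilege attribute, which points back to step 4 of the NPS policy.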
What could go wrong
If authentication always fails, check the Event Viewer on the Windows Server to find the reason. For instance: