How to configure SZ admin user authentication against RADIUS server

Summary

This article describes how to configure SZ management users to authenticate against a RADIUS server.

Question

How do I configure vSZ admin/management users to use RADIUS admin authentication?

Customer Environment

SZ, vSZ, RADIUS, NPS server

Resolution

Step 1: Create Role/Group:
- Log in to the vSZ-H --> Administration --> Admins and Roles --> Groups --> Create

Step 2: Create a Group/Role and give the required permission:

Step 3: Add the resources:

Step 4: Add the Domain:

Step 5: Add/Create the Users:

Step 6: Create AAA server:
- Log in to the vSZ GUI --> Administration --> Admins and Roles --> AAA --> Create --> add the server details with the shared secret --> click OK.
- Select the User Group that was created earlier (Group1) and Administrator as "RuckusAdmin".
- The Realm should be the same as the user account domain on AD.

Step 7: AD server configuration.
a. Open Server Manager --> Tools --> click Active Directory Users and Computers.

Step 7: Create a User Group/User on AD to grant access.
a. Right-click Users and create a new group with an appropriate name, for example: Ruckus-WSG-User-User1

b. Create or add a user to this new group:

Step 8: Configure NPS to allow the new Group access:
a. Open "Network Policy Server", expand "Policies", and create a new policy to allow the newly created domain group.

b. Edit the new policy, go to Conditions > UserGroups, and click the "Add" button to add the group "Ruckus-WSG-User-User1" that was created earlier.

c. Edit the new policy, go to Settings > Vendor Specific, click the "Add" button, and then in the VSA attribute select Vendor-Specific: RADIUS Standard.

d. In the Attribute information dialog, click on “Add”:

e. In the Vendor-Specific Attribute Information dialog, enter the Ruckus vendor code of 25053, select "Yes. It conforms", and click "Configure Attribute".

f. In the "Configure VSA (RFC Compliant)" dialog, set the attribute number to 10, use a String format, and provide the string value. It should match the string configured in Step 5.

Note: The name of the User created in Step 5 should match the above string.

g. Click OK and verify the new NPS policy show the correct:

h. Create a RADIUS client: right-click RADIUS client --> New --> add the vSZ IP address and the shared secret that was configured in Step 6.

Note: You can run the ‘Test AAA’ to verify the connectivity.
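
What steps e and f put on the wire, as an added example (not from the original article and not Ruckus or Microsoft code): per RFC 2865, the Access-Accept carries a Vendor-Specific attribute (type 26) with vendor ID 25053 and sub-attribute 10 holding the string. The Python below builds and parses that attribute so the attribute list from a captured reply can be checked; the function names and the sample value "Group1" are assumptions chosen for illustration.

```python
import struct

RUCKUS_VENDOR_ID = 25053   # vendor code entered in step e
ADMIN_ATTR_NUMBER = 10     # vendor-assigned attribute number from step f
VENDOR_SPECIFIC = 26       # RADIUS attribute type, RFC 2865 section 5.26


def encode_vsa(vendor_id, vendor_type, value):
    """Build one RFC-compliant Vendor-Specific attribute carrying a string."""
    data = value.encode("utf-8")
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    if len(sub) + 6 > 255:
        raise ValueError("value too long for a single RADIUS attribute")
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub


def parse_attributes(buf):
    """Yield (type, value) for each type-length-value entry in buf."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError("bad attribute length")
        yield attr_type, buf[pos + 2:pos + length]
        pos += length


def admin_group_strings(attr_bytes):
    """Return every vendor 25053 / attribute 10 string in the attribute list."""
    found = []
    for attr_type, value in parse_attributes(attr_bytes):
        if attr_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        (vendor_id,) = struct.unpack("!I", value[:4])
        if vendor_id != RUCKUS_VENDOR_ID:
            continue
        # Sub-attributes use the same type/length/value layout.
        for sub_type, sub_value in parse_attributes(value[4:]):
            if sub_type == ADMIN_ATTR_NUMBER:
                found.append(sub_value.decode("utf-8"))
    return found


# Constructed sample: attribute list of an Access-Accept (20-byte header removed).
# Reply-Message (type 18) is filler; "Group1" is an assumed string value.
SAMPLE = b"\x12\x04ok" + encode_vsa(RUCKUS_VENDOR_ID, ADMIN_ATTR_NUMBER, "Group1")
```

If the returned list is empty or the string differs from the one configured on the controller, recheck the vendor code, attribute number and string in the NPS policy.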

Step 9: Log in with the username 'username@domain_name/realm_name' and the correct password.

Article Number:
000008283

Updated:
November 25, 2024 03:57 AM

Tags:
Configuration, Troubleshooting, virtual SmartCell Gateway
