AD/LDAP/Radius Admin Authentication
Options
Is it possible to specify Admin Accounts via an Authentication Server like AD/LDAP/Radius to Login via the Webinterface? I worked with Active Diretory and couldn't find a way get Admin Access via an AD User, only users with the user type Admin worked.
Or is it only possible to use the AD/LDAP/Radius for policy routing, VPN users ?
Or is it only possible to use the AD/LDAP/Radius for policy routing, VPN users ?
0
Accepted Solution
-
Thanks, it worked!0
All Replies
-
Hi @tsch
Welcome to Zyxel community.
Currently USG can support using external AD/LDAP/RADIUS authentication to login to the device. And RADIUS authentication is able gets different privileges.
There is a document is using different RADIUS attributes to managing different privileges after user logged into device.
https://businessforum.zyxel.com/discussion/1414/how-to-get-different-privileges-by-radius-authentication/p1?new=10 -
Thank you. Do you have a freeradius Server Configuration Guide by any chance. I'm struggeling to get it working.0
-
Here the what's my configuration of dictionary file and user account example of freeradius, FYI.
***** dictionary.zyxel *****
VENDOR Zyxel 890BEGIN-VENDOR ZyxelATTRIBUTE Zyxel-Privilege-AVPair 3 stringATTRIBUTE Zyxel-User-Type 64 stringATTRIBUTE Zyxel-Lease-Time 65 stringATTRIBUTE Zyxel-Reauth-Time 66 stringATTRIBUTE Zyxel-Total-Quota 74 stringATTRIBUTE Zyxel-Upload-Quota 75 stringATTRIBUTE Zyxel-Download-Quota 76 stringATTRIBUTE Zyxel-Bandwidth-Upload 77 stringATTRIBUTE Zyxel-Bandwidth-Upload-Priority 78 stringATTRIBUTE Zyxel-Bandwidth-Download 79 stringATTRIBUTE Zyxel-Bandwidth-Download-Priority 80 stringATTRIBUTE Zyxel-Callback-Option 192 integerATTRIBUTE Zyxel-Callback-Phone-Source 193 integerVALUE Zyxel-Callback-Phone-Source Preconfigured 0VALUE Zyxel-Callback-Phone-Source User 1VALUE Zyxel-Callback-Option None 0VALUE Zyxel-Callback-Option Optional 1VALUE Zyxel-Callback-Option Mandatory 2END-VENDOR Zyxel
***** /etc/raddb/usersian Cleartext-Password := "ian1234"Zyxel-User-Type := "admin",Zyxel-Lease-Time := "120"1 -
Thanks, it worked!0
Categories
- All Categories
- 383 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 75 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 890 Nebula FAQ
- 415 Security FAQ
- 233 Switch FAQ
- 203 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight