AD/LDAP/Radius Admin Authentication

Is it possible to specify Admin Accounts via an Authentication Server like AD/LDAP/Radius to log in via the web interface? I worked with Active Directory and couldn't find a way to get Admin Access via an AD User; only users with the user type Admin worked.  
Or is it only possible to use the AD/LDAP/Radius for policy routing and VPN users?


Answers

  • Zyxel_Stanley Zyxel Official Agent Posts: 586  mod
    edited July 10, 2018 3:39PM
    Hi @tsch
    Welcome to Zyxel community. :)

    Currently USG can support using external AD/LDAP/RADIUS authentication to log in to the device. And RADIUS authentication is able to get different privileges.

    There is a document on using different RADIUS attributes to manage different privileges after the user has logged into the device.
    https://businessforum.zyxel.com/discussion/1414/how-to-get-different-privileges-by-radius-authentication/p1?new=1
  • tsch Member Posts: 9
    Thank you. Do you have a freeradius Server Configuration Guide by any chance? I'm struggling to get it working.
  • Ian31 Member Posts: 113  Ally Member
    Here is my configuration of the dictionary file and a user account example for freeradius, FYI.

    ***** dictionary.zyxel *****
    VENDOR Zyxel 890
    BEGIN-VENDOR Zyxel

    ATTRIBUTE Zyxel-Privilege-AVPair 3 string

    ATTRIBUTE Zyxel-User-Type 64 string
    ATTRIBUTE Zyxel-Lease-Time 65 string
    ATTRIBUTE Zyxel-Reauth-Time 66 string
    ATTRIBUTE Zyxel-Total-Quota 74 string
    ATTRIBUTE Zyxel-Upload-Quota 75 string
    ATTRIBUTE Zyxel-Download-Quota 76 string
    ATTRIBUTE Zyxel-Bandwidth-Upload 77 string
    ATTRIBUTE Zyxel-Bandwidth-Upload-Priority 78 string
    ATTRIBUTE Zyxel-Bandwidth-Download 79 string
    ATTRIBUTE Zyxel-Bandwidth-Download-Priority 80 string

    ATTRIBUTE Zyxel-Callback-Option 192 integer
    ATTRIBUTE Zyxel-Callback-Phone-Source 193 integer

    VALUE Zyxel-Callback-Phone-Source Preconfigured 0
    VALUE Zyxel-Callback-Phone-Source User 1

    VALUE Zyxel-Callback-Option None 0
    VALUE Zyxel-Callback-Option Optional 1
    VALUE Zyxel-Callback-Option Mandatory 2

    END-VENDOR Zyxel


    ***** /etc/raddb/users
    ian     Cleartext-Password := "ian1234"
            Zyxel-User-Type := "admin",
            Zyxel-Lease-Time := "120"
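
An added example, not part of any post in this thread and not Zyxel or FreeRADIUS code: when the admin login still fails, it helps to check in a packet capture that the Access-Accept really carries the Zyxel attributes. This Python sketch encodes and decodes them as RADIUS Vendor-Specific attributes, assuming the standard RFC 2865 layout with one-byte sub-attribute type and length; the function names and the sample reply bytes are constructed here.

```python
import struct

ZYXEL_VENDOR_ID = 890   # "VENDOR Zyxel 890" in the dictionary posted above
VSA_TYPE = 26           # RADIUS Vendor-Specific attribute (RFC 2865)
# Sub-attribute numbers copied from the dictionary posted above
ZYXEL_ATTRS = {3: "Zyxel-Privilege-AVPair", 64: "Zyxel-User-Type", 65: "Zyxel-Lease-Time"}


def encode_vsa(vendor_id, sub_type, value):
    """Build one Vendor-Specific attribute holding a single string sub-attribute."""
    data = value.encode("ascii")
    sub = struct.pack("!BB", sub_type, 2 + len(data)) + data
    body = struct.pack("!I", vendor_id) + sub
    if 2 + len(body) > 255:
        raise ValueError("value too long for a single RADIUS attribute")
    return struct.pack("!BB", VSA_TYPE, 2 + len(body)) + body


def decode_zyxel_vsas(attrs):
    """Walk a RADIUS attribute list; return {name: value} for Zyxel sub-attributes."""
    found, pos = {}, 0
    while pos + 2 <= len(attrs):
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("malformed attribute at offset %d" % pos)
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if (a_type != VSA_TYPE or len(body) < 4
                or struct.unpack("!I", body[:4])[0] != ZYXEL_VENDOR_ID):
            continue  # not a Zyxel VSA (e.g. Reply-Message or another vendor)
        sub, i = body[4:], 0
        while i + 2 <= len(sub):
            s_type, s_len = sub[i], sub[i + 1]
            if s_len < 2 or i + s_len > len(sub):
                raise ValueError("malformed sub-attribute in VSA")
            name = ZYXEL_ATTRS.get(s_type, "Zyxel-Attr-%d" % s_type)
            found[name] = sub[i + 2:i + s_len].decode("ascii", "replace")
            i += s_len
    return found


# Constructed sample: the reply items of the "ian" entry plus an unrelated
# Reply-Message attribute (type 18), as they would sit in an Access-Accept.
SAMPLE_REPLY = (
    bytes([18, 4]) + b"ok"
    + encode_vsa(ZYXEL_VENDOR_ID, 64, "admin")
    + encode_vsa(ZYXEL_VENDOR_ID, 65, "120")
)

if __name__ == "__main__":
    print(SAMPLE_REPLY.hex(), decode_zyxel_vsas(SAMPLE_REPLY))
```

If the decoded result lacks Zyxel-User-Type, the usual causes are that the dictionary is not loaded by the server or that the reply lines in the users file are not indented under the user name.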
