AD/LDAP/Radius Admin Authentication

tsch
edited April 2021 in Security
Is it possible to specify Admin Accounts via an Authentication Server like AD/LDAP/Radius to log in via the web interface? I worked with Active Directory and couldn't find a way to get Admin Access via an AD User; only users with the user type Admin worked.
Or is it only possible to use AD/LDAP/Radius for policy routing and VPN users?


  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    edited July 2018
    Hi @tsch
    Welcome to Zyxel community. :)

    Currently the USG supports using external AD/LDAP/RADIUS authentication to log in to the device, and RADIUS authentication is able to get different privileges.

    There is a document on using different RADIUS attributes to manage different privileges after a user has logged into the device.
    https://businessforum.zyxel.com/discussion/1414/how-to-get-different-privileges-by-radius-authentication/p1?new=1
  • tsch
    Thank you. Do you have a freeradius Server Configuration Guide by any chance? I'm struggling to get it working.
  • Ian31
    Ian31 Posts: 165  Master Member
    Here is my configuration of the dictionary file and a user account example for freeradius, FYI.

    ***** dictionary.zyxel *****
    VENDOR Zyxel 890
    BEGIN-VENDOR Zyxel

    ATTRIBUTE Zyxel-Privilege-AVPair 3 string

    ATTRIBUTE Zyxel-User-Type 64 string
    ATTRIBUTE Zyxel-Lease-Time 65 string
    ATTRIBUTE Zyxel-Reauth-Time 66 string
    ATTRIBUTE Zyxel-Total-Quota 74 string
    ATTRIBUTE Zyxel-Upload-Quota 75 string
    ATTRIBUTE Zyxel-Download-Quota 76 string
    ATTRIBUTE Zyxel-Bandwidth-Upload 77 string
    ATTRIBUTE Zyxel-Bandwidth-Upload-Priority 78 string
    ATTRIBUTE Zyxel-Bandwidth-Download 79 string
    ATTRIBUTE Zyxel-Bandwidth-Download-Priority 80 string

    ATTRIBUTE Zyxel-Callback-Option 192 integer
    ATTRIBUTE Zyxel-Callback-Phone-Source 193 integer

    VALUE Zyxel-Callback-Phone-Source Preconfigured 0
    VALUE Zyxel-Callback-Phone-Source User 1

    VALUE Zyxel-Callback-Option None 0
    VALUE Zyxel-Callback-Option Optional 1
    VALUE Zyxel-Callback-Option Mandatory 2

    END-VENDOR Zyxel


    ***** /etc/raddb/users *****
    ian     Cleartext-Password := "ian1234"
            Zyxel-User-Type := "admin",
            Zyxel-Lease-Time := "120"
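
Added example, not part of Ian31's post or of Zyxel's documentation: how the two reply items of the `ian` entry look inside an Access-Accept as RFC 2865 Vendor-Specific attributes (type 26, vendor 890 from the dictionary above), and a decoder for checking in a packet capture which privilege a reply actually grants. It assumes one-byte vendor type and length fields (the usual Vendor-Specific layout); the function names and the sample bytes are constructed for illustration.

```python
ZYXEL_VENDOR_ID = 890   # "VENDOR Zyxel 890" in the dictionary above
VENDOR_SPECIFIC = 26    # RFC 2865 section 5.26
ZYXEL_ATTRS = {64: "Zyxel-User-Type", 65: "Zyxel-Lease-Time", 66: "Zyxel-Reauth-Time"}


def encode_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute carrying a single string sub-attribute."""
    data = value.encode("ascii")
    sub = bytes([vendor_type, 2 + len(data)]) + data
    if 6 + len(sub) > 255:
        raise ValueError("value too long for one attribute")
    return bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + vendor_id.to_bytes(4, "big") + sub


def decode_zyxel_vsas(attrs):
    """Walk a RADIUS attribute list and return {name: value} for Zyxel VSAs."""
    found, pos = {}, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2 or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % pos)
        a_type, a_len = attrs[pos], attrs[pos + 1]
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        # Skip standard attributes and VSAs that belong to other vendors.
        if (a_type != VENDOR_SPECIFIC or len(body) < 4
                or int.from_bytes(body[:4], "big") != ZYXEL_VENDOR_ID):
            continue
        sub, i = body[4:], 0
        while i + 2 <= len(sub):
            v_type, v_len = sub[i], sub[i + 1]
            if v_len < 2 or i + v_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            name = ZYXEL_ATTRS.get(v_type, "Zyxel-Unknown-%d" % v_type)
            found[name] = sub[i + 2:i + v_len].decode("ascii", "replace")
            i += v_len
    return found


# Constructed sample: the reply items of the "ian" entry above, preceded by an
# unrelated standard attribute (Reply-Message, type 18) that must be skipped.
SAMPLE = (bytes([18, 4]) + b"ok"
          + encode_vsa(ZYXEL_VENDOR_ID, 64, "admin")
          + encode_vsa(ZYXEL_VENDOR_ID, 65, "120"))

if __name__ == "__main__":
    print(decode_zyxel_vsas(SAMPLE))
```

Run against the attribute bytes of a captured Access-Accept, this shows which accounts the RADIUS server is granting `admin` to, which is worth reviewing since the privilege is decided entirely by the server's reply.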

  • tsch
    Answer ✓
    Thanks, it worked!
