Skip to main content

13 Messages

 • 

220 Points

Sat, Jan 19, 2019 4:26 PM

Zone Director and NPS/Radius for Admin authentication

I am trying to find documentation on how to properly configure Windows(2016) Server with AD/NPS/Radius to authenticate administrators on our ZD (and eventually SZ) controllers.  We are NOT looking to authenticate WiFi users.

Are there any special attributes we need to add?  Assuming Service-Type:Login and removing any Framed statements(PPP) Anything else?  

Responses

13 Messages

 • 

220 Points

2 years ago

Update: I've found that the authentication appears to succeed on NPS, but the ZD1200 controller doesn't seem to think so

7 Messages

 • 

164 Points

Hi, have you tried following this guide: https://support.ruckuswireless.com/articles/000008283  ?

13 Messages

 • 

220 Points

I've looked at it.  The SCG is a bit different than a ZD, but I was able to apply similar principals, no luck though.  The Radius test on the ZD works, but logging in does not.  My AD/NPS logs show the login as successful

7 Messages

 • 

164 Points

I'd check Roles in ZD configuration, verify that you have Role which allows ZD administration. Since RADIUS test works, verify that user is assigned correct Role. You probably have done it, but also remember to enable external admin authentication under Administration-> Preferences.

If everything looks correct and still not working, then I'd try changing to Active Directory type of authentication profile instead of RADIUS, at least as troubleshooting method narrowing the problem. I've found AD authentication easier to implement, especially if you wan't to allow ZoneDirector admin only for members of specific AD group. I'm currently trying to achieve that on SmartZone platform, without success...

16 Messages

 • 

314 Points

at my school we use 802.1x and NPS on server 2016/2012R2 (auth against computer accounts) i have two docs with screenshots of every step of both the NPS setup and the GPO to make the laptops joint the WiFi i can share them if you like

2 Messages

 • 

72 Points

@Gordon Taylor I would be very interested to share those documents, just in the process of setting up something similar at our school.

30 Messages

 • 

778 Points

2 years ago

Dave,

You're trying to actually log into the ZD/SZ, yes?  If you have it all configured and you're getting the proper accept message within your NPS logs, are logging in with your full AD address (email basically)?  We log in to a vSZ via our AD/NPS/RADIUS but the vSZ only support PAP/CHAP and we had to make some adjustments to our NPS policy and even then we still have to use the full account name (@).