Skip to main content

2 Messages

 • 

80 Points

Tue, Feb 11, 2020 4:08 AM

Role assignment via Radius AAA Accounting

Is it possible to use a radius attribute on a Windows NPS to assign a role to a user authenticating via Radius on a ZD controller? I can find group attributes, but not a role assignment. Trying to authenticate admins via Radius. 

FYI: Googled for hours, searched here, either end up getting 404 errors on their website, or 403s if I'm not logged into an account.

Responses

127 Messages

 • 

2.4K Points

9 months ago

Yes. Definitively possible. You might need to import the attribute or dictionary onto nps but the attribute you want is called "Ruckus-User-Groups". You can find some more details here. https://support.ruckuswireless.com/do...

Googling for that specific term should lead you in the right direction.

If you don't have a support account you can get the radius dictionary here
https://github.com/wireshark/wireshar...

But from what I understand you have to load the dictionary manually (meaning add the attributes by hand if they are not there).

If using zone director I believe that's it. Just return the name of the role you defined in ZD and it should take. In smartzone I believe you have to create a mapping between the string received in radius and the actual role you want to use. In ZD it's a one to one mapping if I'm not mistaken.

Good luck!

127 Messages

 • 

2.4K Points

9 months ago

Not sure this link works for you. But seems directly what you need. https://support.ruckuswireless.com/ar...