RADUS admin login SmartZone ?

  • 1
  • Question
  • Updated 3 months ago
  • Answered
Hello, I am trying to configure RADIUS admin login (via Active Directory NPS server) to the Smartzone. 
I have been told by Ruckus support that I need to configure each individual Active Directory account on the ZoneDirector under 'Administration - Admins and Roles - Administrators' including the username AND password. 
This does not make sense to me, because then if the AD account password changes, then  I need to manually change the password in the local SmartZone Admin account database also ?
Surely this is not the case ?
Can someone please assist.
Photo of philip francis

philip francis

  • 57 Posts
  • 0 Reply Likes

Posted 3 months ago

  • 1
Photo of Douglas Colthar

Douglas Colthar

  • 1 Post
  • 1 Reply Like
It may be easier if you can set it up using Active Directory type AAA server.  If you go that route:

You should be able to define the AD server, then go to Configure > Roles and in the Group Mapping enter the Active Directory security group name that you are going to have admins be a part of.   Then while still in the Role select the Allow Zonedirector Administration.

Then after that go to Administer > Preferences and select the Authenticate with Auth Server radio button and pick your auth server.  Make sure to set a fallback username/password too!

That will let anyone in that AD group authenticate to the ZD.

Hope this helps!
Photo of Karthik

Karthik, Employee

  • 18 Posts
  • 9 Reply Likes
The local account in smartzone is used as reference account for privileges. If you change password of account in RADIUS/AD, you don't have to change anything in SZ local user.

the AAA server is required to send an attribute back to the SZ that maps the AAA account to a local admin account on the SZ. Then the local admin account on SZ is mapped to an admin role on SZ which defines the permission.

In 5.x version and above to simplify this deployment,
If you choose "Default Role mapping" AAA users will be automatically mapped to default local user/group permission even if the AAA server does not use mapping attributes.

Reference https://docs.arris.com/bundle/sz-510-adminguide-sz300vsz/page/GUID-B9789B57-C58B-4215-A83A-AC05BA145...