Role assignment via Radius AAA Accounting

  • 1
  • Question
  • Updated 7 months ago
Is it possible to use a radius attribute on a Windows NPS to assign a role to a user authenticating via Radius on a ZD controller? I can find group attributes, but not a role assignment. Trying to authenticate admins via Radius. 

FYI: Googled for hours, searched here, either end up getting 404 errors on their website, or 403s if I'm not logged into an account.
Photo of Aaron Becker

Aaron Becker

  • 2 Posts
  • 0 Reply Likes
  • frustrated

Posted 7 months ago

  • 1
Photo of Diego Garcia del Rio

Diego Garcia del Rio

  • 127 Posts
  • 45 Reply Likes
Yes. Definitively possible. You might need to import the attribute or dictionary onto nps but the attribute you want is called "Ruckus-User-Groups". You can find some more details here. https://support.ruckuswireless.com/do...

Googling for that specific term should lead you in the right direction.

If you don't have a support account you can get the radius dictionary here
https://github.com/wireshark/wireshar...

But from what I understand you have to load the dictionary manually (meaning add the attributes by hand if they are not there).

If using zone director I believe that's it. Just return the name of the role you defined in ZD and it should take. In smartzone I believe you have to create a mapping between the string received in radius and the actual role you want to use. In ZD it's a one to one mapping if I'm not mistaken.

Good luck!
Photo of Diego Garcia del Rio

Diego Garcia del Rio

  • 127 Posts
  • 45 Reply Likes
Not sure this link works for you. But seems directly what you need. https://support.ruckuswireless.com/ar...