Created on 03-14-2016 05:53 AM Edited on 04-07-2022 01:08 PM By Anonymous
Description
Is it possible to differentiate Admin authentication via RADIUS?
Scope
RELATED PRODUCTS: All controllers
RELATED SOFTWARE VERSIONS: 5.x
KEYWORDS: RADIUS, IAS, Internet Authentication Service, Remote Authentication Dial-In User Server/Service/System, admin authentication
Solution
1. All commands on the controller are classified under three priority levels: 1, 10 and 15.
2. Any externally authenticated user is given an access level equivalent to one of these: 1, 10 or 15.
To configure this with a RADIUS server, please follow the instructions below:
On the Meru Wireless Controller:
i) Sign in via the GUI.
ii) Navigate to Configuration ==> User Management ==> Setup.
iii) Choose Authentication Type ==> RADIUS
iv) Choose the RADIUS tab and fill in the RADIUS primary and secondary IP addresses, secret key and port.
On the RADIUS server (here, Microsoft RADIUS):
i. Click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service.
ii. Click Remote Access Policies.
iii. Right-click the policy that you want to configure a vendor-specific attribute for, and then click Properties.
iv. Click Edit Profile, click the Advanced tab, and then click Add.
v. In the list of available RADIUS attributes, click Filter-ID, click Add, and then click Add.
vi. In the "Enter the attribute value in" box, click String, and then type 1, 10 or 15 (the level this policy should grant).
vii. Create 3 such Remote Access Policies, each time choosing a separate user group (which should already have been created in AD), where each group represents a type of administrator (based on levels 1, 10 and 15). The group is specified under the policy conditions, which are configured when creating the policy.
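To confirm that each policy returns the intended level, the Access-Accept reply can be checked from a packet capture. The following is an added example, not Fortinet or Meru code: it verifies the RADIUS Response Authenticator (RFC 2865) and accepts a reply only if it carries exactly one Filter-Id whose value is 1, 10 or 15. The function names, the shared secret and the sample packets built by `build_accept` are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2                  # RADIUS packet code (RFC 2865)
FILTER_ID = 11                     # Filter-Id attribute type (RFC 2865)
ADMIN_LEVELS = {"1", "10", "15"}   # levels named in this article

def parse_attributes(data):
    """Walk the type-length-value attribute list of a RADIUS packet."""
    attrs, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[i], data[i + 1]
        if a_len < 2 or i + a_len > len(data):
            raise ValueError("bad attribute length")
        attrs.append((a_type, data[i + 2:i + a_len]))
        i += a_len
    return attrs

def admin_level(packet, request_auth, secret):
    """Return the admin level in an Access-Accept, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("packet too short")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    packet = packet[:length]       # octets beyond Length are padding
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("response authenticator mismatch")
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    values = [v.decode("ascii", "replace")
              for t, v in parse_attributes(packet[20:]) if t == FILTER_ID]
    if len(values) != 1 or values[0] not in ADMIN_LEVELS:
        raise ValueError("Filter-Id must be exactly one of 1, 10, 15: %r" % values)
    return int(values[0])

def build_accept(ident, request_auth, secret, filter_id):
    """Construct a sample Access-Accept (test data only, not captured traffic)."""
    attrs = bytes([FILTER_ID, 2 + len(filter_id)]) + filter_id
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    auth = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + auth + attrs
```

A policy that was given the literal string `1/10/15`, or any value outside the three levels, is rejected by `admin_level`, which catches a mistyped attribute before an administrator ends up with the wrong access level.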