Description
Is it possible to differentiate Admin authentication via RADIUS?
Scope
RELATED PRODUCTS: All controllers
RELATED SOFTWARE VERSIONS: 5.x
KEYWORDS: RADIUS, IAS, Internet Authentication Service, Remote Authentication Dial-In User Server/Service/System, admin authentication
Solution
1. All commands in the controller are classified under three priority levels 1, 10 and 15.
2. Any externally authenticated user will have the following access levels: equivalent to either amongst 1, 10 or 15.
To configure this with a RADIUS server, please follow the instructions below:
On The Meru Wireless Controller:
i) Sign-in via GUI.
ii) Navigate to Configuration ==> User Management ==> Setup.
iii) Choose Authentication Type ==> RADIUS
iv) Choose the RADIUS tab and fill in the RADIUS primary and secondary IP addresses, secret key and port.
On The RADIUS Server (Here; Microsoft RADIUS):
i. Click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service.
ii. Click Remote Access Policies.
iii. Right-click the policy that you want to configure a vendor-specific attribute for, and then click Properties.
iv. Click Edit Profile, click the Advanced tab, and then click Add.
v. In the list of available RADIUS attributes, click Filter-ID, click Add, and then click Add.
vi. In the Enter the attribute value in box, click String, and then type 1/10/15.
vii. Create 3 such Remote Access Policies; each time choosing a separate user-group (should have been already created in AD) where each group represents a type of administrator (based on levels 1, 10 and 15). This should be specified under policy-conditions, configured when creating the policy.
