HiPath Wireless Assistant RADIUS attributes needed in order to authenticate management level access

  • 0
  • 1
  • Article
  • Updated 4 years ago
Article ID: 12497 

Products
HiPath, HiPath Wireless Assistant (Web GUI), RADIUS, Service-Type, Filter-ID 

Symptoms
When using RADIUS Authentication under the Login Management option, a user cannot login as a Guest Portal Admin to create new Guest Portal login accounts. 

Cause
By default the RADIUS return attribute Service-Type is sending back a value called "Framed". This attribute will move every user into a role of read only access. 

Solution/Workaround
Here is a list of supported RADIUS return attributes which get created in the Remote Access Policy on your RADIUS server. The return attribute Service-Type will allow for different access levels into the HiPath Wireless Assistant (Web GUI): 

V7.11 firmware and below: 
  Service-Type

Registry:
Value Description Reference
----- --------------------- ---------
1 Login
2 Framed Read Only
3 Callback Login
4 Callback Framed
5 Outbound
6 Administrative Super User
7 NAS Prompt
8 Authenticate Only Guest Portal Manager Access only
V7.21 firmware and higher: 
  Service-Type

Registry:
Value Description Reference
----- --------------------- ----------
1 Login
2 Framed
3 Callback Login
4 Callback Framed
5 Outbound
6 Administrative Super User
7 NAS Prompt Read Only
8 Authenticate Only Guest Portal Manager Access only
You can use the Enterasys proprietary Filter-ID format as well, but it can only assign the following roles (No Guest Portal Manager Access
- Mgmt=ro == Read-Only administrator privileges 
- Mgmt=rw == Full administration privileges 
- Mgmt=su == Full administration privilege 

Example: Enterasys:mgmt=su:policy=IT Team
Photo of FAQ User

FAQ User, Official Rep

  • 13,610 Points 10k badge 2x thumb

Posted 4 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.