Extreme Networks

HiPath Wireless Assistant RADIUS attributes needed in order to authenticate management level access


Article ID: 12497

Products
HiPath, HiPath Wireless Assistant (Web GUI), RADIUS, Service-Type, Filter-ID

Symptoms
When using RADIUS Authentication under the Login Management option, a user cannot log in as a Guest Portal Admin to create new Guest Portal login accounts.

Cause
By default, the RADIUS return attribute Service-Type sends back the value "Framed". This value places every user in the read-only access role.

Solution/Workaround
The following supported RADIUS return attributes are configured in the Remote Access Policy on your RADIUS server. The Service-Type return attribute selects the access level granted in the HiPath Wireless Assistant (Web GUI):

V7.11 firmware and below:
Service-Type

Registry:
Value  Description        Reference
-----  -----------------  --------------------------------
1      Login
2      Framed             Read Only
3      Callback Login
4      Callback Framed
5      Outbound
6      Administrative     Super User
7      NAS Prompt
8      Authenticate Only  Guest Portal Manager Access only

V7.21 firmware and higher:
Service-Type

Registry:
Value  Description        Reference
-----  -----------------  --------------------------------
1      Login
2      Framed
3      Callback Login
4      Callback Framed
5      Outbound
6      Administrative     Super User
7      NAS Prompt         Read Only
8      Authenticate Only  Guest Portal Manager Access only

You can use the Enterasys proprietary Filter-ID format as well, but it can only assign the following roles (no Guest Portal Manager access):
- Mgmt=ro == Read-Only administrator privileges
- Mgmt=rw == Full administration privileges
- Mgmt=su == Full administration privileges

Example: Enterasys:mgmt=su:policy=IT Team
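
The two Service-Type tables and the Filter-ID format above, as a check that can be run before a firmware upgrade (an added example, not Extreme Networks code): it returns the role the article lists for a Service-Type value on each firmware range, parses the Filter-ID string, and reports accounts whose role changes between versions. Function names and the sample accounts are constructed; a value with no role in the article's table returns None, and matching the mgmt key case-insensitively is an assumption.

```python
# Added example: role mappings transcribed from the article's two tables.
# Function names and the sample accounts below are constructed for illustration.
ROLES_V7_11_AND_BELOW = {2: "Read Only", 6: "Super User",
                         8: "Guest Portal Manager Access only"}
ROLES_V7_21_AND_HIGHER = {6: "Super User", 7: "Read Only",
                          8: "Guest Portal Manager Access only"}


def role_table(firmware):
    """Pick the article's table for a firmware string such as 'V7.11'."""
    major, minor = (int(part) for part in firmware.lstrip("Vv").split(".")[:2])
    if (major, minor) <= (7, 11):
        return ROLES_V7_11_AND_BELOW
    if (major, minor) >= (7, 21):
        return ROLES_V7_21_AND_HIGHER
    raise ValueError("the article does not cover firmware between V7.11 and V7.21")


def role_for_service_type(firmware, value):
    """Role the article lists for this Service-Type value, or None if it lists none."""
    return role_table(firmware).get(value)


def parse_filter_id(filter_id):
    """Split 'Enterasys:mgmt=su:policy=IT Team' into {'mgmt': 'su', 'policy': 'IT Team'}."""
    vendor, *fields = filter_id.split(":")
    if vendor != "Enterasys":
        raise ValueError("not an Enterasys Filter-ID")
    # Assumption: keys are matched case-insensitively (the article writes Mgmt= and mgmt=).
    return {k.strip().lower(): v for k, v in (f.split("=", 1) for f in fields)}


def roles_changed_by_upgrade(policy, old_fw, new_fw):
    """policy maps account -> Service-Type value returned by the RADIUS server."""
    changed = {}
    for account, value in policy.items():
        before = role_for_service_type(old_fw, value)
        after = role_for_service_type(new_fw, value)
        if before != after:
            changed[account] = (before, after)
    return changed


# Constructed sample policy: account -> Service-Type value.
SAMPLE_POLICY = {"noc-viewer": 2, "helpdesk": 7, "wlan-admin": 6, "frontdesk": 8}

if __name__ == "__main__":
    diff = roles_changed_by_upgrade(SAMPLE_POLICY, "V7.11", "V7.21")
    for account, (before, after) in diff.items():
        print(f"{account}: {before} -> {after}")
    print(parse_filter_id("Enterasys:mgmt=su:policy=IT Team"))
```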
