topic HiPath Wireless Assistant RADIUS attributes needed in order to authenticate management level access in FAQs https://community.extremenetworks.com/t5/faqs/hipath-wireless-assistant-radius-attributes-needed-in-order-to/m-p/41248#M42 Article ID: 12497 <BR /> <BR /> <B>Products</B><BR /> HiPath, HiPath Wireless Assistant (Web GUI), RADIUS, Service-Type, Filter-ID <BR /> <BR /> <B>Symptoms</B><BR /> When using RADIUS Authentication under the Login Management option, a user cannot login as a Guest Portal Admin to create new Guest Portal login accounts. <BR /> <BR /> <B>Cause</B><BR /> By default the RADIUS return attribute Service-Type is sending back a value called "Framed". This attribute will move every user into a role of read only access. <BR /> <BR /> <B>Solution/Workaround</B><BR /> Here is a list of supported RADIUS return attributes which get created in the Remote Access Policy on your RADIUS server. The return attribute Service-Type will allow for different access levels into the HiPath Wireless Assistant (Web GUI): <BR /> <BR /> <B>V7.11 firmware and below:</B> <BR /> Service-Type<BR /> <BR /> Registry:<BR /> Value Description Reference<BR /> ----- --------------------- ---------<BR /> 1 Login<BR /> 2 Framed Read Only<BR /> 3 Callback Login<BR /> 4 Callback Framed<BR /> 5 Outbound<BR /> 6 Administrative Super User<BR /> 7 NAS Prompt<BR /> 8 Authenticate Only Guest Portal Manager Access only<B>V7.21 firmware and higher:</B> <BR /> Service-Type<BR /> <BR /> Registry:<BR /> Value Description Reference<BR /> ----- --------------------- ----------<BR /> 1 Login<BR /> 2 Framed<BR /> 3 Callback Login<BR /> 4 Callback Framed<BR /> 5 Outbound<BR /> 6 Administrative Super User<BR /> 7 NAS Prompt Read Only<BR /> 8 Authenticate Only Guest Portal Manager Access onlyYou can use the Enterasys proprietary <B>Filter-ID</B> format as well, but it can only assign the following roles (<I>No Guest Portal Manager Access</I>) <BR /> - Mgmt=ro == Read-Only administrator privileges <BR /> - Mgmt=rw == Full administration privileges <BR /> - Mgmt=su == Full administration privilege <BR /> <BR /> <I>Example: Enterasys:mgmt=su:policy=IT Team</I> Wed, 01 Jan 2014 03:58:00 GMT FAQ_User 2014-01-01T03:58:00Z HiPath Wireless Assistant RADIUS attributes needed in order to authenticate management level access https://community.extremenetworks.com/t5/faqs/hipath-wireless-assistant-radius-attributes-needed-in-order-to/m-p/41248#M42 Article ID: 12497 <BR /> <BR /> <B>Products</B><BR /> HiPath, HiPath Wireless Assistant (Web GUI), RADIUS, Service-Type, Filter-ID <BR /> <BR /> <B>Symptoms</B><BR /> When using RADIUS Authentication under the Login Management option, a user cannot login as a Guest Portal Admin to create new Guest Portal login accounts. <BR /> <BR /> <B>Cause</B><BR /> By default the RADIUS return attribute Service-Type is sending back a value called "Framed". This attribute will move every user into a role of read only access. <BR /> <BR /> <B>Solution/Workaround</B><BR /> Here is a list of supported RADIUS return attributes which get created in the Remote Access Policy on your RADIUS server. The return attribute Service-Type will allow for different access levels into the HiPath Wireless Assistant (Web GUI): <BR /> <BR /> <B>V7.11 firmware and below:</B> <BR /> Service-Type<BR /> <BR /> Registry:<BR /> Value Description Reference<BR /> ----- --------------------- ---------<BR /> 1 Login<BR /> 2 Framed Read Only<BR /> 3 Callback Login<BR /> 4 Callback Framed<BR /> 5 Outbound<BR /> 6 Administrative Super User<BR /> 7 NAS Prompt<BR /> 8 Authenticate Only Guest Portal Manager Access only<B>V7.21 firmware and higher:</B> <BR /> Service-Type<BR /> <BR /> Registry:<BR /> Value Description Reference<BR /> ----- --------------------- ----------<BR /> 1 Login<BR /> 2 Framed<BR /> 3 Callback Login<BR /> 4 Callback Framed<BR /> 5 Outbound<BR /> 6 Administrative Super User<BR /> 7 NAS Prompt Read Only<BR /> 8 Authenticate Only Guest Portal Manager Access onlyYou can use the Enterasys proprietary <B>Filter-ID</B> format as well, but it can only assign the following roles (<I>No Guest Portal Manager Access</I>) <BR /> - Mgmt=ro == Read-Only administrator privileges <BR /> - Mgmt=rw == Full administration privileges <BR /> - Mgmt=su == Full administration privilege <BR /> <BR /> <I>Example: Enterasys:mgmt=su:policy=IT Team</I> Wed, 01 Jan 2014 03:58:00 GMT https://community.extremenetworks.com/t5/faqs/hipath-wireless-assistant-radius-attributes-needed-in-order-to/m-p/41248#M42 FAQ_User 2014-01-01T03:58:00Z