
Does anybody know how to use the new RADIUS authentication feature for admin users in HM on Prem 12.8.2.2?

aerohive_rotten
New Contributor

I was able to connect to my RADIUS Server and get successful authentication. However, the HiveManager always returned an error on the login screen.

Is there some Attribute I have to return to HiveManager from the RADIUS Server?

17 REPLIES 17

AnonymousM
Valued Contributor II

Hello Sam,

I will send you a PCAP to communityhelp@aerohive.com today.

samantha_lynn
Esteemed Contributor III

Thanks for your patience, I've found out a bit more about this feature.

 

We do not process attributes assigned to users when they use Radius to log in. When you have users that are going to log in via Radius, they also need to be users that have been created in the HiveManager under Account Management in Global Settings. When you create the user in Account management, you would assign their level of permission there. Regardless of the attribute returned when they log in with their Radius credentials, they will be assigned the level of permission that you specified when you created their user account in the HiveManager.

 

As for the issues where the authentication method changes from MSCHAPv2, we'd need to see a mirrored port packet capture that was running when you replicate this issue. This guide will walk you through how to set up a mirrored port packet capture: https://thehivecommunity.aerohive.com/s/article/Packet-Capture-with-Mirrored-Port

 

If you could send that to me at communityhelp@aerohive.com, I can take a look and let you know what we find.

oliver_eve
New Contributor

Has anyone managed to get this to work? I see my authentication request succeed on my NPS but the logon fails into NG.

j_cross
New Contributor

I see similar issues with 12.8.2.2. Unable to log in since it appears we are missing documentation on what attributes we should be passing back to HiveManager.

I have also noticed that if you choose MSCHAPv2 it still tries to authenticate to the RADIUS server as PAP.

AnonymousM
Valued Contributor II

Hello,

In HM Classic there are some Radius-Dict files where these attributes are defined:

 

VENDOR Aerohive 26928
BEGIN-VENDOR Aerohive
# The following ATTRIBUTE and VALUE definitions are required.
ATTRIBUTE AH-HM-Admin-Group-Id 1 integer
VALUE AH-HM-Admin-Group-Id Read-Only-Admin 0
VALUE AH-HM-Admin-Group-Id Super-Admin 1
VALUE AH-HM-Admin-Group-Id Read-Write-Admin 2
# The following is an example of an admin group that you can define.
#VALUE AH-HM-Admin-Group-Id Admin-Group100 100
END-VENDOR Aerohive

 

I have the same problem: I see a successful authentication at the RADIUS server, but the logon to HiveManager is not possible.

Maybe you can test returning these attributes to HiveManager?

 

Kind regards,

 

Tobi
