cancel
Showing results for 
Search instead for 
Did you mean: 

Does anybody know how to use the new RADIUS authentication feature for admin users in HM on Prem 12.8.2.2?

Does anybody know how to use the new RADIUS authentication feature for admin users in HM on Prem 12.8.2.2?

aerohive_rotten
New Contributor

I was able to connect to my RADIUS Server and get successful authentication. However the HiveManager always returned an error on the login screen.

Is there some Attribute I have to return to HiveManager from the RADIUS Server?

17 REPLIES 17

bpokrant
New Contributor

Hello,

 

Solution:

 

If you want to use radius users to access Hivemanager you have to specify the custom attributes.

 

"Attributwert" (Value): 0=RO 1=SA 2=RWA

 

34247bf6a23041f2af703861ad63bd6d_0690c000006GbbsAAC.png

 

Kind regards

 

samantha_lynn
Esteemed Contributor III

I can't speak to other cases but I can say the issue as a whole has been raised internally and we are working on this. I would urge you to open a case yourself if you haven't already, just so you are sure to get the latest updates and information on this. I'll do my best to keep you all updated on the community, but a dedicated case will likely receive updates and help a bit faster.

oliver_eve
New Contributor

Cheers Sam,

 

I understand the process but it doesn't work once configured i.e Radius passes authentication on the NPS box but hivemanager errors out.

 

Is there an open case internally for this?

samantha_lynn
Esteemed Contributor III

@Ian Blackwood​ , to answer your questions:

 

So *all* users (both local and RADIUS) should be listed in Account Management ?

This is correct, the HiveManager needs to know about the user in the HiveManager account list, both for access and so it can apply the correct permission sets within the HiveManager for the user.

*When I talk about local users in this context, I do not mean internal PPSK or RADIUS credentials that you make for your end users, I'm referring to the HiveManager logins you make for Admins, Operators, Guest Managers, etc. Just so there is no confusion.

 

What is the expected behaviour when the user exists in both local and RADIUS sources ?

The user would log in with their RADIUS credentials, the RADIUS server would authenticate them, if this is successful the user will be logged in to the HiveManager, the HiveManager will find that users email in it's internal list of users/admins and will apply the permission set for the user that you chose when you created the user in HiveManager.

 

What happens for existing users ? What happens for new users ?

You can turn on RADIUS access to the HiveManager, or you can enable both so that some users can login with their RADIUS credentials and some with their local (on the HiveManager admin list) user credentials. This way, you can have users in your AD and users that only exist in the HiveManager and not in the AD. So existing users will continue to be able to log in, and new users will login in whichever method you set up for them.

 

I hope this helps, I am still waiting on some more documentation on this feature. I'll update you all as soon as I know more. Thank you for your patience and questions in the mean time.

 

ian_blackwood
New Contributor

I have similar, but during "test" when adding the RADIUS (MS NPS server) it says it was rejected even though it was okay in the NPS server logs. This means I cannot SAVE the RADIUS server settings in HiveManager.

 

I am trying this with mixed mode (Local DB + RADIUS) as I already have existing accounts.

 

Sam - to clarify - so *all* users (both local and RADIUS) should be listed in Account Management ?

What is the expected behaviour when the user exists in both local and RADIUS sources ? What happens for existing users ? What happens for new users ?

 

Regards,

Ian

 

GTM-P2G8KFN