Having trouble with the NetSight RADIUS login to work how I would like it.
The intention is to have AD users login that are only part of a specific OU=ITStaff, so there are a couple of things that seems to mention this might be possible. The first is this GTAC knowledge article:
And the field in the authorised members section that shows 'Automatic Member', as per image below:
So I have configured this based on the GTAC article, which has worked OK but not quite how I wont it, and maybe a little contradictory - but that's probably just my interpretation.
This is the configuration of NPS / RADIUS (Windows 2012), the user group added for ITStaff (which my AD user Mflammia belongs to) and a Filter-Id=staff:
And this is shows me correctly logged in, with my AD account of 'mflamma' and correctly assigned the group of 'Staff'.
So here are the problems:
1) If I remove 'mflammia' from the 'Authorised Users' section I can not login - what I was hoping for since NPS is configured to only give a RADIUS accept back if a member belongs to the group ITStaff, and Filter-Id=Staff that the 'Automatic Member' field would kick in showing true for user mflammia and allow me in?
2) I have to specify 'mflammia' in the 'Authorised Users' section in the 'User Name' field and 'Staff' under the 'Authorisation Group' field, as they are mandatory. If I set the 'Authorisation Group' field to 'NetSight Administrator' instead, then the user will get that group when I login. So my question is, what's the point of setting a 'Criteria' in the 'Authorisation Group' section with a 'Filter-ID=Staff', if you have to manually set the authorisation group in the Authorised Users field anyway - its possibly that no user will ever get the staff authorisation group unless a Filter-ID of Staff is passed? Was hoping that passing the Filter-ID=Staff would mean that the authorisation group of Staff is then selected for that particular user?
Guess my ultimate goal is to have users automatically be able to log into NetSight if they belong to the AD group of ITStaff only, and those users get a authorisation group that is defined by the Filter-ID, instead of having to manually add each of those users into the Authorised Users section in NetSight.
Many thanks in advance.