01-08-2024 11:04 AM
Hi!
I'm trying to configure a MS NPS server to act as RADIUS server authenticator for XIQ-SE login.
I've managed to do it, but whenever there's a user who has never logged in before (or who hasn't been manually created and added to an Authorization Group), it just keeps asking for credentials and never logs in.
I know there must be some "Automatic Membership Criteria" defined, but I cannot find any examples on how to do it, specifically when using RADIUS.
I've captured the RADIUS packets and saw that I got authorized. I also saw in the XIQ-SE Event log a "No Group for User" event - "Unable to find dynamic group for user XPTO using RADIUS configuration".
In the RADIUS reply packets I see that there are no VSAs sent back, and that's normal because I haven't configured them, as I don't know if they are required... Is this the way to go? Any documentation on what VSA to use?
Any help on achieving this?
01-09-2024 12:54 AM
Hi Tiago,
I did this using ExtremeControl, but it should also work for any third-party RADIUS server.
I configured a Filter-Id in the Automatic Membership Criteria, for example:
My ExtremeControl rule then has this filter configured:
I have some other rules that return another Filter-Id that is used for other groups.
Hope that helps a bit.
Best regards
Stefan
01-09-2024 06:52 AM
Good!! Nice to know!
01-09-2024 05:19 AM
I can confirm this is the recommended configuration.
You can use other attributes, but the RADIUS dictionary within XIQ-SE for use with this feature is very limited. If you aren't going to use Filter-Id, use another common standardized AVP.
Thanks
Ryan
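
An added example, not part of the original posts: a small check that parses the raw RADIUS payload of a captured Access-Accept and reports whether a Filter-Id (attribute 11, RFC 2865) or any VSA is present, which is what the group mapping discussed in this thread depends on. The sample packets and the Filter-Id value `EXAMPLE-ADMIN-GROUP` are constructed placeholders, not values from XIQ-SE or NPS.

```python
import struct

# Attribute and packet codes from RFC 2865
ACCESS_ACCEPT, FILTER_ID, CLASS, VENDOR_SPECIFIC = 2, 11, 25, 26

def parse_attributes(packet: bytes):
    """Return (code, [(type, value), ...]) for one RADIUS packet (UDP payload)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match captured data")
    attrs, pos = [], 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def group_attributes(packet: bytes):
    """Summarise what a reply carries that could drive group membership."""
    code, attrs = parse_attributes(packet)
    return {
        "is_accept": code == ACCESS_ACCEPT,
        "filter_ids": [v.decode("utf-8", "replace")
                       for t, v in attrs if t == FILTER_ID],
        # A VSA value starts with a 4-byte vendor (enterprise) id
        "vsa_vendor_ids": [struct.unpack("!I", v[:4])[0]
                           for t, v in attrs
                           if t == VENDOR_SPECIFIC and len(v) >= 4],
    }

def build_accept(attrs):
    """Build a constructed Access-Accept (zeroed authenticator, sample only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: a reply with no group attribute, and one with Filter-Id
BARE_ACCEPT = build_accept([(CLASS, b"\x00\x01")])
WITH_FILTER = build_accept([(CLASS, b"\x00\x01"),
                            (FILTER_ID, b"EXAMPLE-ADMIN-GROUP")])

if __name__ == "__main__":
    for name, pkt in (("bare", BARE_ACCEPT), ("with Filter-Id", WITH_FILTER)):
        print(name, group_attributes(pkt))
```

An Access-Accept with an empty `filter_ids` list and no VSAs matches the situation in the first post: authentication succeeds, but nothing in the reply identifies a group.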