This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to configure NAC as RADIUS to authorize AD users

How to configure NAC as RADIUS to authorize AD users

Ilya_Semenov
Contributor

‎01-18-2018 08:21 PM

Hello, everybody,

please, give me a link to some manuals.

I want to use one of two existing NAC installations as RADIUS to authorize AD users for an external system (Fortigate FG-600 firewall).

So, the questions are:

1) How to configure NAC to send authorization requests to AD domain controllers?
2) How to configure NAC be RADIUS server

Many thanks in advance,
Ilya
0 Kudos
7 REPLIES 7

StephanH
Valued Contributor III

‎01-19-2018 05:48 AM

Here is another threat with a discussion about the differences about Radius and NAC:

https://community.extremenetworks.com/extreme/topics/nac-vs-seperate-radius-server

Best regards
Stephan
Regards Stephan
0 Kudos

StephanH
Valued Contributor III

‎01-19-2018 05:46 AM

Hello Ilya,

simplified the difference between proxying Radius to NPS and authenticate locally is the following.

If you use proxy all auth request are forwarded to the NPS and the NPS make the decision who comes in and what information's (e. g. radios attributes) are sent back to the client. But NAC can overwrite the information sent back to the client if needed!

If you use NAC as Radius, NAC make the decision who comes in and sent back all radius attributes for authorization. But the NAC can ask a directory like AD to do the correct decision.

Here are a lot of good informations how you can use NAC as Radius and ask the AD for more information.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-authorise-Windows-domain-user-compu...

In my opinion you are more flexible if you do the authentication and authorization direct on the NAC and you have not to ask a Windows Server admin for support.

But there are situation the proxy solution is more beneficial.

Best regards
Stephan
Regards Stephan
0 Kudos

Gareth_Mitchell
Extreme Employee
In response to StephanH

‎01-19-2018 05:46 AM

Ilya

Please try this link if you are still having problems: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-authorise-Windows-domain-user-compu...

-Gareth

0 Kudos

StephanH
Valued Contributor III
In response to StephanH

‎01-19-2018 05:46 AM

Hi,

I tested the link again with (different) devices some minutes ago. It works. Please test again.

Regards Stephan
0 Kudos
GTM-P2G8KFN