This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RADUS admin login SmartZone ?

philip_francis1
Contributor

‎08-26-2019 03:55 PM

Hello, I am trying to configure RADIUS admin login (via Active Directory NPS server) to the Smartzone. 
I have been told by Ruckus support that I need to configure each individual Active Directory account on the ZoneDirector under 'Administration - Admins and Roles - Administrators' including the username AND password. 
This does not make sense to me, because then if the AD account password changes, then  I need to manually change the password in the local SmartZone Admin account database also ?
Surely this is not the case ?
Can someone please assist.
2 REPLIES 2

douglas_colthar
New Contributor

‎08-27-2019 12:57 PM

It may be easier if you can set it up using Active Directory type AAA server.  If you go that route:

You should be able to define the AD server, then go to Configure > Roles and in the Group Mapping enter the Active Directory security group name that you are going to have admins be a part of.   Then while still in the Role select the Allow Zonedirector Administration.

Then after that go to Administer > Preferences and select the Authenticate with Auth Server radio button and pick your auth server.  Make sure to set a fallback username/password too!

That will let anyone in that AD group authenticate to the ZD.

Hope this helps!

karthik
RUCKUS Team Member

‎08-28-2019 11:53 AM

The local account in smartzone is used as reference account for privileges. If you change password of account in RADIUS/AD, you don't have to change anything in SZ local user.

the AAA server is required to send an attribute back to the SZ that maps the AAA account to a local admin account on the SZ. Then the local admin account on SZ is mapped to an admin role on SZ which defines the permission.

In 5.x version and above to simplify this deployment,
If you choose "Default Role mapping" AAA users will be automatically mapped to default local user/group permission even if the AAA server does not use mapping attributes.

Reference https://docs.arris.com/bundle/sz-510-adminguide-sz300vsz/page/GUID-B9789B57-C58B-4215-A83A-AC05BA145...



Thanks
Karthik.
Copyright © 2024 Khoros, LLC