Hello, I am trying to configure RADIUS admin login (via Active Directory NPS server) to the Smartzone. I have been told by Ruckus support that I need to configure each individual Active Directory account on the ZoneDirector under 'Administration - Admins and Roles - Administrators' including the username AND password. This does not make sense to me, because then if the AD account password changes, then I need to manually change the password in the local SmartZone Admin account database also ? Surely this is not the case ? Can someone please assist.
It may be easier if you can set it up using Active Directory type AAA server. If you go that route:
You should be able to define the AD server, then go to Configure > Roles and in the Group Mapping enter the Active Directory security group name that you are going to have admins be a part of. Then while still in the Role select the Allow Zonedirector Administration.
Then after that go to Administer > Preferences and select the Authenticate with Auth Server radio button and pick your auth server. Make sure to set a fallback username/password too!
That will let anyone in that AD group authenticate to the ZD.
The local account in smartzone is used as reference account for privileges. If you change password of account in RADIUS/AD, you don't have to change anything in SZ local user.
AAA server is required to send an attribute back to the SZ that maps the AAA
account to a local admin account on the SZ. Then the local admin account on SZ
is mapped to an admin role on SZ which defines the permission.
In 5.x version and above to simplify this deployment, If you choose "Default Role mapping" AAA users will be automatically mapped to default local user/group permission even
if the AAA server does not use mapping attributes.