I am trying to find documentation on how to properly configure Windows(2016) Server with AD/NPS/Radius to authenticate administrators on our ZD (and eventually SZ) controllers. We are NOT looking to authenticate WiFi users.
Are there any special attributes we need to add? Assuming Service-Type:Login and removing any Framed statements(PPP) Anything else?
I've looked at it. The SCG is a bit different than a ZD, but I was able to apply similar principals, no luck though. The Radius test on the ZD works, but logging in does not. My AD/NPS logs show the login as successful
I'd check Roles in ZD configuration, verify that you have Role which allows ZD administration. Since RADIUS test works, verify that user is assigned correct Role. You probably have done it, but also remember to enable external admin authentication under Administration-> Preferences.
If everything looks correct and still not working, then I'd try changing to Active Directory type of authentication profile instead of RADIUS, at least as troubleshooting method narrowing the problem. I've found AD authentication easier to implement, especially if you wan't to allow ZoneDirector admin only for members of specific AD group. I'm currently trying to achieve that on SmartZone platform, without success...