CommScope RUCKUS Community Forums

dave_bauman · ‎01-19-2019

I am trying to find documentation on how to properly configure Windows(2016) Server with AD/NPS/Radius to authenticate administrators on our ZD (and eventually SZ) controllers. We are NOT looking to authenticate WiFi users.

Are there any special attributes we need to add? Assuming Service-Type:Login and removing any Framed statements(PPP) Anything else?

dave_bauman · ‎01-20-2019

Update: I've found that the authentication appears to succeed on NPS, but the ZD1200 controller doesn't seem to think so

jukka_somiska · ‎01-21-2019

Hi, have you tried following this guide: https://support.ruckuswireless.com/articles/000008283 ?

dave_bauman · ‎01-21-2019

I've looked at it. The SCG is a bit different than a ZD, but I was able to apply similar principals, no luck though. The Radius test on the ZD works, but logging in does not. My AD/NPS logs show the login as successful

jukka_somiska · ‎01-21-2019

I'd check Roles in ZD configuration, verify that you have Role which allows ZD administration. Since RADIUS test works, verify that user is assigned correct Role. You probably have done it, but also remember to enable external admin authentication under Administration-> Preferences.

If everything looks correct and still not working, then I'd try changing to Active Directory type of authentication profile instead of RADIUS, at least as troubleshooting method narrowing the problem. I've found AD authentication easier to implement, especially if you wan't to allow ZoneDirector admin only for members of specific AD group. I'm currently trying to achieve that on SmartZone platform, without success...

CommScope RUCKUS Community Forums

Zone Director and NPS/Radius for Admin authentication