02-10-2015 01:55 PM
We are setting up a DDI server for the first time. We have a freeradius server. We have set up authentication (username/password), but are stuck getting the RADIUS server to supply a group.
Sound familiar to anyone?
02-11-2015 09:49 AM
In order for a remote admin to successfully log in to Grid Manager via RADIUS:
- The RADIUS server must ACCEPT the login credentials.
- The RADIUS server must return the name of a Group, e.g. Infoblox-Group-Info = "mygroup", in the Access-Accept.
- The named group must exist in NIOS.
- The named group must be listed underneath "Map the remote admin group to the local group in this order" in Administration > Administrators > Authentication Policy.
- The named group must have GUI login privileges.
Note that the username does not need to be configured anywhere in NIOS, though it does get stored for a period of time after a successful login (to keep track of user profile settings).
I use Radiator, not freeradius, so I can't help with the specifics of how to get freeradius to return that attribute, but hopefully knowing that that's what you need to do will help. FWIW, my Radiator dictionary defines the attribute like this:
VENDORATTR 7779 Infoblox-Group-Info 9 string