Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Cambium Employee
Posts: 1
Registered: 4 weeks ago

SM_ADMIN User privilege level for radius server based authentication

[ Edited ]

New user level privilege(SM_ADMIN) has been added for radius based authentication which provides different roles in AP and SM.


User can be added to radius server with Cambium-Canopy-UserLevel as 6 which is SM_ADMIN and this user can have readwrite access in SM and readonly access in AP.


This feature is available from 15.1.1.

 

CONFIGURATION:
AP and SM should be configured to use radius server for authentication.

AP:

radiusCapture.PNG

 

SM:radiusCapture_SM.PNG

 

In freeradius server, Open /etc/freeradius/user and add the user

 

Example-1: BS ReadOnly and CPE ReadWrite
In this example UserMode is set as 0 which is readwrite, but since Userlevel is SM_ADMIN(6), user1 will have readonly access in AP and readwrite access in SM

 

Text to be added in /etc/freeradius/user:

"user1" Cleartext-Password := "Cambium123"
Cambium-Canopy-UserLevel = "6",
Cambium-Canopy-UserMode = "0

 

AP:

AP_user1.PNG

 

 

 

SM:

 

SM_user1.PNG

 

 

Example-2: BS ReadOnly and CPE ReadOnly
Here usermode is set as 1 which is readonly, so user2 will have readonly access in both AP and SM.

 

Text to be added in /etc/freeradius/user:

"user2" Cleartext-Password := "Cambium123"
Cambium-Canopy-UserLevel = "6",
Cambium-Canopy-UserMode = "1"

 

AP:

 

AP_user2.PNG

 

SM:

 

SM_user2.PNG

 

 

Example-3: BS ReadOnly and CPE ReadWrite
Here since usermode is not specified, it will take the default usermode which is readwrite. This is similar to Example 1.

 

Text to be added in /etc/freeradius/user:

"user3" Cleartext-Password := "Cambium123"
Cambium-Canopy-UserLevel = "6"

 

AP:

AP_user3.PNG

 

SM:

 

SM_user3.PNG

 

Example-4: BS ReadWrite and CPE ReadWrite
Now if we want the user to have readwrite access in both AP and SM, UserLevel should be changed to administrator(3)

 

Text to be added in /etc/freeradius/user:

"user4" Cleartext-Password := "Cambium123"
Cambium-Canopy-UserLevel = "3",
Cambium-Canopy-UserMode = "0

 

AP:

AP_user4.PNG

 

SM:

SM_user4.PNG