RADIUS authentication-based login access to cnPilot SSH/GUI APs

Summary: 

This article demonstrates how to use Radius authentication to login in cnPilot E-series devices.

Note: I have used the free radius for this configuration. Any Radius Server like IAS/NPS can be used as per the requirement.

Solution:

Step 1:  Enable the Radius Mgmt Auth and enter the IP of the Radius Serer and Radius Secret key under Configuration >> System >>Management:

Note: Please configure same secret key on the radius server.

Step 2: Ensure that RADIUS server is reachable from the AP by pinging the IP of the Radius server under Troubleshoot >> connectivity:

Step 3: Configuration Required on Radius server:

1. Configure the IP of the AP on the Radius server along with the shared secret key which we configure on the AP under conf file of Radius server as shown in figure below:

3.png

2. Configure the Username and Password on the Radius server which you would like to use to login into the AP under Users file of RADIUS server. For e.g.: I have configured the username as Cambium-station and password as cambium as shown in figure below:

4.png

Step 4: Login to the AP using the username and Password configured on the Radius Server:

5.png

Note: Both Local and Radius authentication will remain active at the same time. Users will be able to login with the admin as username and password configured under Configuration >>System even if the radius authentication is enabled. Hence it is advisable to configure the password other than the default password for security purposes.

2 Likes