What standard RADIUS attribute is required for authenticating an admin user with RADIUS

Summary:
This article explains the required RADIUS attribute in the RADIUS server for authenticating an admin user with RADIUS
For setting up configuration in cnMatrix switch please refer to the cnMatrix Switch user guide under Security feature, managing RADIUS section

Answer:
Attribute Name : Service-Type
Value : Administrative

Symptom:
When the RADIUS server doesn’t have Attribute Name : Service-Type | Value : Administrative
A user can not log in via GUI ‘ERROR: Unknown user or invalid password’
A user can log in via CLI but is granted only the lowest privilege: will be shown ‘>’ instead of ‘#’ prompt
For example : switchname> vs switchname#

GUI login Error Screenshot:
image

Example Screenshot in Windows NPS(RADIUS Server)

1 Like

@Tom_Lee -

I think this answers half of the question I posted a few months back:

But it doesn’t answer the other half – Is there a way to configure a switch to use RADIUS for admin (ssh & web) authentication using cnMaestro?

I can configure RADIUS servers and secrets through cnMaestro, but could not find a way to make a cnMatrix switch perform RADIUS auth for admin access. I had to manually set it via the local webUI or via CLI and could not find a way to configure this via cnMaestro.

I imagine this RADIUS server settings in cnMaestro were designed for 802.1x auth, but we’re not using that right now… I just want RADIUS for admin logins, ideally with the ability to fall-back to local auth if RADIUS is unavailable.