Reset Search
 

 

Article

How To Login To NetSight Using RADIUS And Assign Users To Groups

« Go Back

Information

 
TitleHow To Login To NetSight Using RADIUS And Assign Users To Groups
Objective
Configure logging into NetSight using a back-end RADIUS server such as NPS
Environment
All NetSight platforms
Procedure
There are two parts to this.

To configure login via RADIUS:
  1. In NetSight, go to Tools > Authorization/Device Access > Users/Groups.
  2. Under User Authentication set the Authentication Method to RADIUS Authentication and select the desired RADIUS server.
  3. Add the user whom you are wanting to login with to the Authorized Users section and assign the user to the desired Authorization Group.
  4. Setup the back-end RADIUS Server so that the user becomes authenticated and the RADIUS sever sends an Accept back to NetSight.

To assign authorized users to a specific group using RADIUS:
  1. From step 3 above, make sure the username has been assigned to the desired Authorization Group.
  2. Setup the RADIUS server to send back a RADIUS attribute for NetSight to key from.
  3. Highlight the applicable group under Authorization Groups and select Edit.
  4. Configure the Membership Criteria to be the RADIUS attribute that is sent back by the RADIUS server.

Examples using the Staff Authorization Group that is key'd off the Staff Filter-Id returned by the RADIUS server:

User-added image


User-added image





 


 
Additional notes
Per the Help in NetSight:

With RADIUS Authentication, you can configure dynamic assignment of users to authorization groups based on the attributes associated with a user in Active Directory.

Membership Criteria
When a user is successfully authenticated using LDAP or RADIUS authentication, the Active Directory attributes associated with that user are used to match against this list of criteria to determine membership in the authorization group. The criteria is entered as name=value pairs, for example, department=IT (LDAP) or Service-Type=Framed-User (RADIUS). A user must have the specified attribute with a value that matches the specified value in order to meet the criteria to belong to this group. Multiple name=value pairs may be listed using a semicolon (";") to separate them. However, a user is considered a member of the group if they match at least one of the specified criteria; they do not need to match all of them.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255