Reset Search



How To Login To NetSight Using RADIUS And Assign Users To Groups

« Go Back


TitleHow To Login To NetSight Using RADIUS And Assign Users To Groups
Configure logging into NetSight using a back-end RADIUS server such as NPS
All NetSight platforms
There are two parts to this.

To configure login via RADIUS:
  1. In NetSight, go to Tools > Authorization/Device Access > Users/Groups.
  2. Under User Authentication set the Authentication Method to RADIUS Authentication and select the desired RADIUS server.
  3. Add the user whom you are wanting to login with to the Authorized Users section and assign the user to the desired Authorization Group.
  4. Setup the back-end RADIUS Server so that the user becomes authenticated and the RADIUS sever sends an Accept back to NetSight.

To assign authorized users to a specific group using RADIUS:
  1. From step 3 above, make sure the username has been assigned to the desired Authorization Group.
  2. Setup the RADIUS server to send back a RADIUS attribute for NetSight to key from.
  3. Highlight the applicable group under Authorization Groups and select Edit.
  4. Configure the Membership Criteria to be the RADIUS attribute that is sent back by the RADIUS server.

Examples using the Staff Authorization Group that is key'd off the Staff Filter-Id returned by the RADIUS server:

User-added image

User-added image


Additional notes
Per the Help in NetSight:

With RADIUS Authentication, you can configure dynamic assignment of users to authorization groups based on the attributes associated with a user in Active Directory.

Membership Criteria
When a user is successfully authenticated using LDAP or RADIUS authentication, the Active Directory attributes associated with that user are used to match against this list of criteria to determine membership in the authorization group. The criteria is entered as name=value pairs, for example, department=IT (LDAP) or Service-Type=Framed-User (RADIUS). A user must have the specified attribute with a value that matches the specified value in order to meet the criteria to belong to this group. Multiple name=value pairs may be listed using a semicolon (";") to separate them. However, a user is considered a member of the group if they match at least one of the specified criteria; they do not need to match all of them.



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255