Multiple Groups in Radius

ryan.bachman — Sun, 10 Mar 2019 21:41:52 GMT

HI all -

Quick questions that will be easy for all you experts. I am using Juniper Steel-belted Radius for Remote Access Authenticaion off of our Concentrator right now. I want to start deploying 802.1x for vlan assignment and login authentication for the network boxes.

I have been looking around here, and have deducted that Radius has difficulties when you have the same username in multiple groups. Currently, the domain group VPNUSERS is allowing remote access, and that pretty much encompasses all the 1000+ employess for the company. For login authentication, I added a check list for the VPNUSERS (to ensure not everyone can login into my switches) group on the radius server to only allow requests from that of the concentrator, but if I create a new AD group (NETADMINS), put the users that will be allowed to login to the individual network devices, add that group as a user on the radius box, I am receiving an authentication failed error.

Is this because those usernames are currently being denied because those usernames are also a part of the VPNUSERS group, which is failing authentication because the attributes don't match according to the check list? Is there anyway around this without having multiple radius server groups on the network. Thanks for the help.

Re: Multiple Groups in Radius

darpotter — Mon, 07 Aug 2006 07:40:54 GMT

Not all RADIUS servers are created equal... which one are you talking about?

Re: Multiple Groups in Radius

ryan.bachman — Mon, 07 Aug 2006 12:59:47 GMT

Juniper (funk) Steel Belted Radius. v5.02

topic Re: Multiple Groups in Radius in Network Access Control

Multiple Groups in Radius

Re: Multiple Groups in Radius

Re: Multiple Groups in Radius