
How to set up an RV340 with a Windows RADIUS server

ManuHof
Level 1

I set up a RADIUS server in the User Accounts tab of an RV340 router. Doing this deactivates local users, and I no longer have access to the router configuration.

When I try to connect with a user login that has authorization to access it, I get the error "Web Login Disabled".

Does anybody have an idea how to deal with that?

 


n.hildreth
Level 1

I had the same problem when I tried to turn on the LDAP remote authentication service. I set this service up on the router before configuring the LDAP server that the router was connecting to. Suddenly logging into the router wasn't possible, even with the designated Administrator accounts. To my mind this is incorrect behaviour. Locally defined admin access should always be prioritized over remote services for something fundamental like logins.

 

In my instance I hadn't saved the configuration, so rebooting the router returned access. However I also noticed severing the connection to the remote LDAP server (or turning it off) gave me access again via the local user database as well.

Thank you for your help!
Luckily I had made the same choice as you not to save the config, and after rebooting I had access again.
Do you know what needs to be changed in the configuration to have access to the Web Login with RADIUS or LDAP external accounts?

Josef Krivsky
Level 1

Hello

I also had this issue. The order of authentication is mentioned in the Administration Guide, so no surprise for me. The router uses the PAP method for authentication, which must be set up on the RADIUS server. Unfortunately it is not mentioned that the server is expecting the user group to be received from RADIUS in the Class (25) attribute. So simply create the correct group on the router with rights to web login, and on the RADIUS server a Class attribute with the name of this group as its value. This will do the trick. (Thanks to Cisco support.)

Somewhere on the web I also found that it is required to set the Cisco attribute to the value "Shell:priv-lvl=15" and Service-Type to Administrative, but I did not find it necessary.
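
As an added example (not part of the thread and not Cisco's code), this check decodes a captured RADIUS Access-Accept per RFC 2865 and reports whether its Class (25) attribute names a group defined on the router, which is the mapping the reply above describes. The group names and the sample packets are constructed for illustration.

```python
import struct

ACCESS_ACCEPT, CLASS = 2, 25  # RFC 2865 packet code and attribute type

def parse_attributes(packet: bytes):
    """Return (code, [(type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the packet")
    attrs, pos = [], 20  # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of range")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def check_accept(packet: bytes, router_groups: set) -> list:
    """List reasons why this reply cannot be mapped to a router group."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return [f"packet code {code} is not Access-Accept"]
    classes = [v.decode("utf-8", "replace") for t, v in attrs if t == CLASS]
    if not classes:
        return ["no Class (25) attribute in the reply"]
    problems = []
    for name in classes:
        if name not in router_groups:
            problems.append(f"Class {name!r} matches no router group")
        if " " in name:  # a later reply in the thread: no spaces in the name
            problems.append(f"Class {name!r} contains spaces")
    return problems

def build_accept(class_value: bytes = None) -> bytes:
    """Constructed sample reply: zeroed authenticator, optional Class."""
    attrs = struct.pack("!BBI", 6, 6, 6)  # Service-Type (6) = Administrative (6)
    if class_value is not None:
        attrs += bytes([CLASS, 2 + len(class_value)]) + class_value
    header = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs))
    return header + bytes(16) + attrs

GROUPS = {"webadmin", "webreadonly"}  # hypothetical router group names
if __name__ == "__main__":
    for value in (b"webadmin", b"Web Admin", None):
        print(value, check_accept(build_accept(value), GROUPS))
```

Feed `check_accept` the UDP payload of an Access-Accept taken from a packet capture on the RADIUS server, together with the set of group names configured on the router.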

 

Create a user group named 'default' in your router and grant that group access to web login.

Strange behavior, but it worked for me.

This worked for me only when setting up the VPN access with (Class 25) on RADIUS. The key is that the group on the router must match the one in Active Directory, with no spaces.

I'm on an RV345P.

 

So I thought, why not take it a step further for web logons now that I know it needs Class 25, and create 2 groups on the router for web logon if the user doesn't exist in the local DB: 1 group for web admin, 1 group for web read-only, and set the secondary logon for web as RADIUS.

Neither group works when using RADIUS. I get a Web Logon Disabled regardless of Class 25, the shell command attribute, or any other setting I tinker with, etc.

So I verified that the group on the router works by adding a local user to the group, and it does. So something in RADIUS is not spewing the right data back or something to the web logon service on the router.

 

Shame that it doesn't work as easily as it did for my VPN RADIUS config.

catabej@borneo
Level 1

First step: configure RADIUS within AD. Guide: https://thesolving.com/server-room/configure-radius-server-windows-authenticate-cisco-vpn-users/

 

Then make sure that you have the following sequence in System Configuration->User Accounts: 

Screenshot 2020-03-17 at 13.52.56.png

Screenshot 2020-03-17 at 13.59.00.png

Then the sequence in the AD config (on the RV340):

AD Domain name: example.local

Primary Server: your AD IP, port 389

User container Path: cn=users,dc=exampledomain,dc=local

Then make sure that all allowed users are part of the VpnAuthorizedUsers group (described in the first step).

 

For me, the auth is working through AnyConnect SSL (Windows 10) and the Cisco IPsec client for Mac.

 

Hope it helps.