11-28-2024 12:49 AM
Hello,
I am setting windows NPS for vmanage authentication. Configuration is simple and user are authenticated with radius, but they are placed in Basic group. how do I specify netadmin group on radius?
regards
Solved! Go to Solution.
11-28-2024 01:23 AM
You can configure NPS to send certain radius attributes back depending on the AD group the user authenticating is in.
According to this guide you should send the viptela VSA(41916) "Viptela-Group-Name" attribute back with the "netadmin" string:
But this guide, says you should send VSA Cisco "SD-WAN-Group-Name" attribute.
So I guess it depends on the version you're running, but you either have to send Viptela-Group-Name: netadmin or SD-WAN-Group-Name: netadmin back as an authorization result.
Now it's been a while since I worked with NPS, but if you search for a guide on custom attributes or vendor-specific-attributes you should be able to find a resource that explains the config on NPS side.
11-28-2024 01:23 AM
You can configure NPS to send certain radius attributes back depending on the AD group the user authenticating is in.
According to this guide you should send the viptela VSA(41916) "Viptela-Group-Name" attribute back with the "netadmin" string:
But this guide, says you should send VSA Cisco "SD-WAN-Group-Name" attribute.
So I guess it depends on the version you're running, but you either have to send Viptela-Group-Name: netadmin or SD-WAN-Group-Name: netadmin back as an authorization result.
Now it's been a while since I worked with NPS, but if you search for a guide on custom attributes or vendor-specific-attributes you should be able to find a resource that explains the config on NPS side.
01-07-2025 03:01 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide