GB-User
Tutor
Apr 08, 2022
Solved

GC728X using RADIUS authentication

I have configured RADIUS authentication on a GC108P and that works fine. I have configured it on the GC728X x 2 and have the same issue on both GC728Xes. I am using the "Direct Connect Web Browser" and not Insight. The issue is that RADIUS authenticates, and I can see it in the RADIUS logs, but it seems to be "Read" only: I cannot configure the switch in any way.

Can anyone help with this, please? I do not have support on the switches anymore, and my fear here is that it is a firmware issue. I am running the latest version: "GC728X Insight Managed 28-Port Gigabit Ethernet Smart Cloud Rackmount Switch with 2 SFP 1G Fiber Ports & 2 SFP+ 10G Fiber Ports, 1.0.5.35, B1.0.0.4"

  • I have managed to fix it. I am using a Synology RADIUS server and LDAP; I had to edit the rad_site_def_ldap file and add the following to post-auth:

    post-auth {
        # ldap
        exec
        Post-Auth-Type REJECT {
            attr_filter.access_reject
        }
        # Return Service-Type = Administrative-User in the reply for this user
        if (User-Name == "YourUser") {
            update reply {
                Service-Type = "Administrative-User"
            }
        }
    }

4 Replies

  • schumaku
    Guru - Experienced User
    Any related insight on the switch log?

    Provide more details of the Radius and port config on the GC728X please.
    • GB-User
      Tutor

      Thanks for the reply, I have posted the fix in the discussion...

    • schumaku
      Guru - Experienced User
      The service-type definition for the admin user is required if using Radius for the admin access. It's a part of the manage Device Security - HTTP Authentication List config (https://www.downloads.netgear.com/files/GDC/GC728X/GC728X_XP_GC752X_XP_UM_EN.pdf p.262). It can be set to:

      Local. The user’s locally stored ID and password are used for authentication. Since the Local method does not time out, if you select this option as the first method, no other method is tried, even if you specified more than one method.

      Radius. The user’s ID and password are authenticated using the RADIUS server. If you select Radius as the first method and an error occurs during the authentication, the switch uses Method 2 to authenticate the user.

      Tacacs+. The user’s ID and password are authenticated using the TACACS+ server. If you select Tacacs+ as the first method and an error occurs during the authentication, the switch attempts user authentication Method 2.
