× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

GC728X using RADIUS authentication

GB-User
Tutor
Tutor
‎2022-04-08 01:57 AM
‎2022-04-08 01:57 AM

GC728X using RADIUS authentication

I have cnfigured RADIUS authentication on GC108P and that works fine, I have configured on the GC728X x 2 and have the same issue on both the GC728X'es. I am using the "Direct Connect Web Browser" and not insight. The issue is that RADIUS authenticates I can see it in the RADIUS logs, but it seems to be "Read" only I cannot configure the switch in any way.

 

Can anyone help with this please. I do not have support on the switches anymore and my fear here is that it is a firmware issue I am running the latest version "GC728X Insight Managed 28-Port Gigabit Ethernet Smart Cloud Rackmount Switch with 2 SFP 1G Fiber Ports & 2 SFP+ 10G Fiber Ports, 1.0.5.35, B1.0.0.4"

Message 1 of 5
0 Kudos
Reply

Accepted Solutions
GB-User
Tutor
Tutor
‎2022-04-08 03:00 AM
‎2022-04-08 03:00 AM

Re: GC728X using RADIUS authentication

I have manged to fix it, I am using a Synology RADIUS server and LDAP I had to edit the rad_site_def_ldap file and add the following to post-auth

 

post-auth {
# ldap
exec
Post-Auth-Type REJECT {
attr_filter.access_reject
}
if (User-Name == "YourUser") { update reply { Service-Type = "Administrative-User" } }

View solution in original post

Message 3 of 5
0 Kudos
Reply

All Replies
schumaku
Guru Guru
Guru
‎2022-04-08 02:46 AM
‎2022-04-08 02:46 AM

Re: GC728X using RADIUS authentication

Any related insight on the switch log?

Provide more details of the Radius and port config on the GC728X please.
Message 2 of 5
0 Kudos
Reply
GB-User
Tutor
Tutor
‎2022-04-08 03:00 AM
‎2022-04-08 03:00 AM

Re: GC728X using RADIUS authentication

I have manged to fix it, I am using a Synology RADIUS server and LDAP I had to edit the rad_site_def_ldap file and add the following to post-auth

 

post-auth {
# ldap
exec
Post-Auth-Type REJECT {
attr_filter.access_reject
}
if (User-Name == "YourUser") { update reply { Service-Type = "Administrative-User" } }

Message 3 of 5
0 Kudos
Reply
GB-User
Tutor
Tutor
‎2022-04-08 03:01 AM
‎2022-04-08 03:01 AM

Re: GC728X using RADIUS authentication

Thanks for the reply, I have posted the fix in the discussion...

Message 4 of 5
0 Kudos
Reply
schumaku
Guru Guru
Guru
‎2022-04-08 03:55 AM
‎2022-04-08 03:55 AM

Re: GC728X using RADIUS authentication

The service-type definition for the admin user is required if using Radius for the admin access. It's a part of the manage Device Security - HTTP Authentication List config (https://www.downloads.netgear.com/files/GDC/GC728X/GC728X_XP_GC752X_XP_UM_EN.pdf p.262). It can be set to:

Local. The user’s locally stored ID and password are used for authentication. Since
the Local method does not time out, if you select this option as the first method, no
other method is tried, even if you specified more than one method.

Radius. The user’s ID and password are authenticated using the RADIUS server. If
you select Radius as the first method and an error occurs during the authentication,
the switch uses Method 2 to authenticate the user.

Tacacs+. The user’s ID and password are authenticated using the TACACS+ server.
If you select Tacacs+ as the first method and an error occurs during the
authentication, the switch attempts user authentication Method 2.
Message 5 of 5
0 Kudos
Reply
Discussion stats
  • 4 replies
  • ‎2022-04-08 01:57 AM
  • 2339 views
  • 0 kudos
  • 2 in conversation
Announcements