Wireless Access

last person joined: 11 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Controller management access order: internal users and RADIUS server?

This thread has been viewed 2 times

  • 1.  Controller management access order: internal users and RADIUS server?

    Posted Jun 15, 2015 12:10 PM

    Hi all,

     

    Where can I define the order of controller management access identity source? I have setup RADIUS management access but every time I log in as a admin (internal user) it first tries to authenticate using RADIUS and only after failure it checks the internal user.

     

    Is there a way that in management access the internal users would be checked first and only after that the RADIUS and external identity sources?

     

    Many thanks,



  • 2.  RE: Controller management access order: internal users and RADIUS server?

    Posted Jun 15, 2015 12:14 PM

    Hi Friend,

     

    Always strongest authentication first :)



  • 3.  RE: Controller management access order: internal users and RADIUS server?

    Posted Jun 15, 2015 01:07 PM

    HI,

     

    Are you talking about Auth servers ? if so we can change order by using up down buttons as shown in the snapshot.

     

    Mgmt_Auth.png

     

    Please feel free for any further clarity on this.



  • 4.  RE: Controller management access order: internal users and RADIUS server?

    Posted Jun 16, 2015 07:28 AM

    I'm not using Internal database as a authentication server. I have couple of management users statically added as you have "admin" setup in your screenshot.

     

    I have also own user for Airwave and for other NMS to fetch data with SSH from the controllers. They'll also do the failed RADIUS attempt before using "internal" accounts :(   



  • 5.  RE: Controller management access order: internal users and RADIUS server?
    Best Answer

    EMPLOYEE
    Posted Jun 16, 2015 07:31 AM

    Unfortunately this cannot be changed. For security reasons, RADIUS/TACACS+ authentication happens first.



  • 6.  RE: Controller management access order: internal users and RADIUS server?

    Posted Jun 16, 2015 07:37 AM

    That's not good...

     

    But thanks for the answer! Really appreciate it!

     



  • 7.  RE: Controller management access order: internal users and RADIUS server?

    EMPLOYEE
    Posted Jun 16, 2015 07:42 AM
    You can submit a feature request on the idea portal.