Hive Manager login integration with AD, using AP as Radius Server

  • 1
  • Question
  • Updated 3 years ago
  • Answered
  • (Edited)
Hi,

I'm trying to integrate and authenticate On-premise Hive Manager logins with my AD. I have already setup AAA Server in Hive Manager and my AP is set as a Radius Server, I'm able to authenticate users via HM Test Tools. I have seen the example configuration in this post using NPS as Radius Server. I want to know whether we can use Aerohive AP as a Radius Server instead of Windows NPS and authenticate the HM Logins, if this is possible then kindly let me know the configuration.

I have completed the below steps

1) Setup AAA Server and connect to AD as backend DB.
2) Set Aerohive AP as a Radius Server
3) Set HM logins to "both" (Radius Server & Local DB)

After these settings when I try to login with my AD account I get this error
The login information you entered does not match an account on record. Please
try again.
Photo of Kool_Kid

Kool_Kid

  • 6 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Kool_Kid

Kool_Kid

  • 6 Posts
  • 0 Reply Likes
bump.. anyone to help on this?
Photo of Rusty Wyatt

Rusty Wyatt, Technical Support Engineer

  • 14 Posts
  • 15 Reply Likes
Kool_Kid,

This configuration is not presently possible.  However, you are able to integrate the HiveManager with an external RADIUS server (such as Microsoft's NPS server).  Instructions for that can be found here.  It is presently not possible with an AP functioning as the RADIUS server because you need to be able to define the authentication method and a set of return attributes to the HiveManager.  There is no facility available in HiveManager to configure the AP RADIUS server to do this at this time.   This, however, it might be a worthwhile feature enhancement.

Rusty
Photo of Paulo Quizora

Paulo Quizora

  • 2 Posts
  • 0 Reply Likes
Thanks for the post Rusty. However, we're having issues implementing  AD integrated login within multiple VHMs. It appears that  "HiveManager Admin Authentication Settings" will only show in one of the VHMs and not the other. Are there any workaround?

Thanks in advance! :)
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
Paulo,

The HiveManager Admin Authentication Settings should only appear in your home VHM, as the settings apply to all VHMs on the HiveManager server.  However, you can still support logins to multiple VHMs in this way by changing the attribute number that is delivered via RADIUS for the a group.

So, if RADIUS delivers attribute 1000 for group 1, configure an admin group in VHM A with attribute 1000.  RADIUS will deliver a different attribute for group 2 (2000), so create an admin group in VHM with attribute 2000.

Just keep in mind that the same RADIUS server is being used for all VHM logins.
Photo of Paulo Quizora

Paulo Quizora

  • 2 Posts
  • 0 Reply Likes
Thanks for the prompt reply Andrew! Not sure If I got you correctly,  but on both VHMs called "home" and "VHM-1", the  default Admin groups called "User Manager Operator" have their unique attributes, that is, 4 and 14 respectively. And using the same RADIUS (NPS) on both VHMs, I have defined the attributes under "Network Policies"...then "Vendor-Specific" with the same value as mentioned, I created one policy to start with but no luck...

Thanks again.