Is it possible to log in to the Hive Manager with Active Directory?

  • Question
  • Updated 4 years ago
  • Answered
Hello,

Is it possible to log in to the Hive Manager using Active Directory (Windows AD 2008) instead of defining local admin users with different access levels on the Hive Manager (as for the Guest Manager with version 2.2r2)?
Version of the Hive Manager: 6.1r1
Thanks,


Dom

Posted 4 years ago

Andrew Garcia, Official Rep

You can use your RADIUS server for HiveManager login, so if your RADIUS is integrated with AD (IAS, NPS), then yes.


Andrew Garcia, Official Rep

First, to clarify something. RADIUS authentication for HiveManager is available for on-premise HiveManager only at this time. If you have an HMOL account, you cannot use RADIUS for HM login.

There are 3 basic steps to enable RADIUS for use with on-premise HM:
1) Enable RADIUS authentication in HM. As a super user in HM, you do this from Home > HiveManager Services > HM Admin Authentication. Set the source (local, RADIUS, or both), and set the authentication type and RADIUS server address/shared secret.

2) Create a local HM admin group in HM. Create a new admin group, assign an attribute number (you will need this for the next step), and assign read/write permissions as needed.

3) Configure your RADIUS server to allow the HM to connect to your RADIUS, and set a connection policy that will allow the correct users to log in, and so RADIUS will deliver the necessary attribute value to map to your new admin group. See here for more details on configuring the correct attribute in NPS.


Dom

Thanks

1) I have enabled both (local and RADIUS), and I have configured the RADIUS with a shared secret.
2) I have not created a local HM admin group because I will use the super user group or another admin group I have already defined for local users.
3) I have configured the RADIUS IAS (not yet the attribute): a RADIUS client (Hive Manager) and a remote access policy (with an AD group and MS-CHAP v2); but in the Event Viewer I get this message when I try to log in with an AD user:

An Access-Request message was received from RADIUS client (Hive Manager) with a message authenticator attribute that is not valid.

Do you perhaps have an idea of the cause of the problem?
Thanks,

Andrew Garcia, Official Rep

I actually have a guide here that explains all the steps necessary, but I don't have a public link for it.  Drop me an email, and I will send it over.

(firstinitial)(lastname) at aerohive dot com


Andrew Garcia, Official Rep

Just for clarity for the forum, you must deliver a RADIUS attribute from NPS as part of this process. Create a new connection request policy in NPS with a condition for your intended login group, set up the vendor specific attribute (26928, conforms to RFC), and configure the attribute (1, Decimal, your HM admin group number).
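
The attribute described in the post above (vendor code 26928, vendor attribute 1, decimal value) in RFC 2865 wire format, as an added example that is not part of the original thread or the vendor's code: it builds the vendor-specific attribute and extracts the group number from an Access-Accept, which is a way to confirm from a packet capture that NPS is actually delivering it. Assumptions: the "Decimal" value is sent as a 4-byte big-endian integer, the function names are hypothetical, and the sample packet is constructed.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type for Vendor-Specific
VENDOR_ID = 26928      # vendor code given in the thread
GROUP_SUBTYPE = 1      # vendor attribute number given in the thread

def build_group_vsa(group_number):
    """Encode the group number as an RFC 2865 VSA (assumes a 4-byte integer value)."""
    sub = struct.pack("!BBI", GROUP_SUBTYPE, 6, group_number)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), VENDOR_ID) + sub

def iter_attributes(packet):
    """Yield (type, value) for each attribute in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    (length,) = struct.unpack("!H", packet[2:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len

def admin_group(packet):
    """Return the admin group number carried in the packet, or None if absent."""
    for a_type, value in iter_attributes(packet):
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != VENDOR_ID:
            continue  # another vendor's VSA, e.g. Microsoft (311)
        sub = value[4:]
        while len(sub) >= 2:
            s_type, s_len = sub[0], sub[1]
            if s_len < 2 or s_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if s_type == GROUP_SUBTYPE and s_len == 6:
                return struct.unpack("!I", sub[2:6])[0]
            sub = sub[s_len:]
    return None

def sample_accept(attrs):
    """Constructed Access-Accept (code 2, id 1) with a zeroed authenticator."""
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs
```

A result of `None` for an Access-Accept means the matching NPS policy is not returning the attribute at all.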


Dom

Thanks for your useful info, Andrew.
It works very well now.
The problem came from the bad configuration of the network policy in NPS.

Andrew Garcia, Official Rep

We posted the document on how to integrate on-premise HiveManager with NPS RADIUS here.