User authentication and authorization with AD and Radius in UAG RRS feed

  • Question

  • Hi,

    I have two repository AD and Radius. I want to make Authentication with RADIUS repository than  authorization with AD.

    is it possible? 

    Thursday, May 3, 2012 1:18 PM

All replies

  • Yes, you can provided the username in Radius is the same than the username in AD. There is an option in the authentication repository that says "use a different server for portal authorization". Mark that checkbox and select the AD repository. This way after succesful authentication against Radius UAG will query AD for group membership for a user whose username is the one used in the initial login form. So the only requirement is that the username used for Radius authentication matches the one in AD.

    Hope it helps

    // Raúl - I love this game

    Friday, May 4, 2012 8:07 AM
  • Thanks for reply. I try but When I add the user for authorization I can Log in this user ,  when I add the group for authorization I can not log in the user. When I trace with network monitor . User's  properties does not have memberof attribute.  Whais the mistake?
    Friday, May 4, 2012 10:53 AM
  • Check the configuration of the AD repository: LDAP base search, subfolders and nested groups. Have you authorized a group with direct membership or does the user belong to other group/s that are included in the group?

    // Raúl - I love this game

    Friday, May 4, 2012 11:05 AM