HiveManager Integration with NPS RADIUS for Admin Login

This document describes the steps for configuring HiveManager admin login with an NPS RADIUS server.

Step 1

Enable RADIUS authentication and create the RADIUS server object in HiveManager. Note the Authentication Type.

Best Practice: For HM Admin Authentication, choose Both. This allows you to log in to HiveManager with a local admin account if the RADIUS server is unavailable.

Create a new RADIUS server object or select a previously existing one. Finalize the settings by clicking Update.

Step 1a

If you need to create a new RADIUS server object, add the IP address of the server and define a shared secret.

Step 2

On the Home > Administration > Admin Groups page, you can use the predefined groups or create new administrative types. Take note of the attribute number. Attributes must be unique, but there are no sequential requirements.

Step 3

On the Microsoft server, create a new group in Active Directory or on the stand-alone server to contain the users for each different group attribute that you want to provide to HiveManager through NPS. Add the appropriate users to your newly configured group or groups.

Step 4

Install NPS if it has not already been installed on your Windows server, and then launch the NPS console.

Step 5

Add HiveManager to NPS as a RADIUS client. Right-click RADIUS Clients, and then select New RADIUS Client.

Step 6

In NPS, create a new connection request policy for HiveManager. Right-click Connection Request Policies, and then click New.

Add a condition, select NAS IPv4 Address from the list, and then click Add. Enter the IP address of your HiveManager. Your result should be similar to the following:

You can then click Next to proceed through the remainder of the Connection Request Policy setup.

Step 7

In NPS, create a new network policy for HiveManager. Right-click Network Policies, and then click New.

Add conditions for your policy. Choose NAS IPv4 Address as you did in the connection request policy and provide it with your HiveManager IP address. Also add the “Windows Groups” you defined previously in Active Directory or on your stand-alone server. The result is a list similar to the one shown below:

Leave all the following settings as they are and accept the defaults.

Step 7a

Use the wizard to create a vendor-specific attribute.

The wizard opens these dialog boxes in order as you proceed through these steps.

NOTE: The attribute value entered on this policy must correspond to the admin group ID in HiveManager. This allows the group members defined previously in the Conditions Pane to equate to the admin groups in HiveManager.

After you enter the final attribute value, click OK to exit the three dialog boxes and then close the Add Vendor-Specific Attribute dialog box. Click Next in the Wizard, and then click Finish.

This completes the NPS server setup.

NOTE: You must create a new network policy in NPS for each different admin group you have created in HiveManager. Also, remember that RADIUS server policies are treated like an ACL and are read from top to bottom, applying the first matching rule. If you have a user in multiple groups, the first match in the ACL defines how the user is authenticated.
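The first-match behavior in the note above decides which admin group attribute a user in several Windows groups receives. The following added example (not part of the original document) models only the Windows Groups condition of each network policy and flags users whose effective HiveManager admin group depends on policy order. The policy names, group names, the users alex and sam, and attribute 10 are constructed; attribute 65 and the user rusty follow the test in Step 8.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NetworkPolicy:
    name: str              # NPS network policy name (constructed)
    windows_group: str     # group used in the policy's Windows Groups condition
    admin_group_attr: int  # vendor-specific attribute value returned to HiveManager

# HiveManager admin groups keyed by attribute number. 65 is the read-only test
# group from Step 8; 10 is a constructed value for a full-access group.
HM_ADMIN_GROUPS = {10: "full access (constructed)", 65: "read-only Home and Monitor"}

# Policies in NPS processing order, top to bottom (constructed).
POLICIES = [
    NetworkPolicy("HM-Full-Access", "HM-Admins", 10),
    NetworkPolicy("HM-Read-Only", "HM-ReadOnly", 65),
]

# Windows group membership per user (constructed, apart from the name "rusty").
MEMBERSHIPS = {
    "rusty": {"HM-ReadOnly"},
    "alex": {"HM-ReadOnly", "HM-Admins"},
    "sam": {"Domain Users"},
}

def audit(policies, memberships):
    """Map each user to (effective attribute, names of later policies that
    also match but would return a different attribute)."""
    report = {}
    for user, groups in memberships.items():
        matches = [p for p in policies if p.windows_group in groups]
        if not matches:
            report[user] = (None, [])  # no policy matches: no attribute is returned
            continue
        first = matches[0]  # the first matching policy wins
        shadowed = [p.name for p in matches[1:]
                    if p.admin_group_attr != first.admin_group_attr]
        report[user] = (first.admin_group_attr, shadowed)
    return report

def unmapped_policies(policies, hm_admin_groups):
    """Policies whose attribute value matches no HiveManager admin group."""
    return [p.name for p in policies if p.admin_group_attr not in hm_admin_groups]

if __name__ == "__main__":
    for user, (attr, shadowed) in audit(POLICIES, MEMBERSHIPS).items():
        role = HM_ADMIN_GROUPS.get(attr, "no matching policy")
        note = f"  order-dependent, also matches {shadowed}" if shadowed else ""
        print(f"{user}: attribute {attr} ({role}){note}")
    print("unmapped policies:", unmapped_policies(POLICIES, HM_ADMIN_GROUPS))
```

With the two policies in the opposite order, alex would receive attribute 65 instead of 10, so any user the audit reports as order-dependent should be checked against the intended admin group.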

Step 8

Test your HiveManager RADIUS login.

In HiveManager, an admin group was created with read-only access in the Home and Monitor sections. Notice that the attribute on this test group is 65. Upon a successful login to HiveManager, this is all the user “rusty” is permitted to see:

©2014 Aerohive Networks, Inc. Aerohive® is a U.S. registered trademark of Aerohive Networks, Inc. P/N 330115-01, Rev. A