Hi All Techs
this solution (downside) don´t wor for me, in the german version there is no sign "Webadmin" under Management (Verwaltung), is there any new solution for using a radius user with microsoft nps? ...from the nps we get an "access acept" what kind of attribute could help?
You have a bit of a problem, but it can be overcome with difficulty. UTM does not know how to retrieve group membership from RADIUS.
1) Create a new local group.
Definitions & Users... Users & Groups... Groups (tab)... New Group
I will assume the group name is "IT Network Admins".
Group Type is "Static Members".
2) Navigate to Management... WebAdmin Settings... General (tab)...
Add "IT Network Admins" group to the list of Allowed Administrators.
3) Assuming RADIUS logins do not create a local UTM user, you have to create them manually.
Definitions & Users... Users & Groups... Users (tab)... [New User]...
Ensure that the UTM username exactly matches the RADIUS username.
Specify Authentication Remote.
Repeat for each person who will be using 2FA for WebAdmin.
3) Configure membership of the "IT Network Admins".
Return to the group definition and populate it with you admin users.
4) Have the users configure their DUO 2FA settings.
Hallo Burkhard and welcome to the UTM Community!
In 'WebAdmin Settings' where you have a RADIUS user in 'Allowed Administrators', open the RADIUS user in Edit and insert a picture here of the 'Allowed Administrators' box. Also, copy here the lines from aua.log (User Identification) where the user in question was not authenticated.
Cheers - Bob
Sorry, but where can I find the section „WebAdminSettings“ and „Allowed Administrators“ in the german version?
In "Verwaltung" "WebAdmin-Einstellungen" findet man "Zugelassene Administratoren".