
Radius for UTM Webadmin

Hi  

This solution (downside) doesn't work for me. In the German version there is no sign "Webadmin" under Management (Verwaltung). Is there any new solution for using a RADIUS user with Microsoft NPS? ...From the NPS we get an "access accept". What kind of attribute could help?

regards

Burkhard

You have a bit of a problem, but it can be overcome with difficulty.   UTM does not know how to retrieve group membership from RADIUS.

1) Create a new local group.

Definitions & Users... Users & Groups... Groups (tab)... New Group

I will assume the group name is "IT Network Admins".

Group Type is "Static Members". 

2) Navigate to Management... WebAdmin Settings... General (tab)...

Add "IT Network Admins" group to the list of Allowed Administrators.

3) Assuming RADIUS logins do not create a local UTM user, you have to create them manually.

Definitions & Users... Users & Groups... Users (tab)... [New User]... 

Ensure that the UTM username exactly matches the RADIUS username.

Specify Authentication Remote.   

Repeat for each person who will be using 2FA for WebAdmin.

4) Configure membership of the "IT Network Admins".

Return to the group definition and populate it with your admin users.

5) Have the users configure their DUO 2FA settings.



  • Hallo Burkhard and welcome to the UTM Community!

    In 'WebAdmin Settings' where you have a RADIUS user in 'Allowed Administrators', open the RADIUS user in Edit and insert a picture here of the 'Allowed Administrators' box.  Also, copy here the lines from aua.log (User Identification) where the user in question was not authenticated.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA