Reflexion will be End-of-life on March 31,2023. See Sophos Reflexion EoL FAQs to learn more.

Radius for UTM Webadmin


this solution (downside) don´t wor for me, in the german version there is no sign "Webadmin" under Management (Verwaltung), is there any new solution for using a radius user with microsoft nps? ...from the nps we get an "access acept" what kind of attribute could help?



You have a bit of a problem, but it can be overcome with difficulty.   UTM does not know how to retrieve group membership from RADIUS.

1) Create a new local group.

Definitions & Users... Users & Groups... Groups (tab)... New Group

I will assume the group name is "IT Network Admins".

Group Type is "Static Members". 

2) Navigate to Management... WebAdmin Settings... General (tab)...

Add "IT Network Admins" group to the list of Allowed Administrators.

3) Assuming RADIUS logins do not create a local UTM user, you have to create them manually.

Definitions & Users... Users & Groups... Users (tab)... [New User]... 

Ensure that the UTM username exactly matches the RADIUS username.

Specify Authentication Remote.   

Repeat for each person who will be using 2FA for WebAdmin.

3) Configure membership of the "IT Network Admins".

Return to the group definition and populate it with you admin users.

4) Have the users configure their DUO 2FA settings.

Parents Reply Children
No Data