Group Configuration for Active Directory and RADIUS Domains
For authentication to RADIUS or Active Directory servers (using Kerberos), you can individually define AAA users and groups. This is not required, but it enables you to create separate policies or bookmarks for individual AAA users.
When a user logs in, the SMA appliance validates with the appropriate Active Directory or RADIUS server that the user is authorized to login. If the user is authorized, the SMA appliance checks to see if a user exists in the SMA appliance database for users and groups. If the user is defined, then the policies and bookmarks defined for the user applies.
For example, if you create a RADIUS domain in the SMA appliance called “Miami RADIUS server,” you can add users to groups that are members of the “Miami RADIUS server” domain. These usernames must match the names configured in the RADIUS server. Then, when users log in to the portal, policies, bookmarks, and other user settings applies to the users. If the AAA user does not exist in the SMA appliance, then only the global settings, policies and bookmarks applies to the user.
Was This Article Helpful?
Help us to improve our support portal