I’d like to set up RADIUS auth for Domain Admins on our router, which is a Mikrotik RB1100AHx2, so that they can use Windows domain credentials.
Here is my configuration:
service=ppp,login called-id="gw1" domain="DOMAIN" address=192.168.0.20
secret="123456" authentication-port=1812 accounting-port=1813
timeout=300ms accounting-backup=no realm="" src-address=192.168.0.1
[trans@gw1] /user> aaa prin
use-radius: yes
accounting: yes
interim-update: 0s
default-group: read
exclude-groups:
On IAS I created a client with the same secret and IP=192.168.0.1, and a rule that grants access for Domain see the screenshot attached.
It doesn't work; I cannot even find attempts to authenticate to the RADIUS in both the router and the server logs. I tried to connect to web, ssh, and winbox with my domain credentials.
How can I tell the router that it needs to use RADIUS for this particular user? On Cisco it was the aaa authentication command that determined the order the router checks submitted credentials?
Should I add a user with the same name to the router? Or will it be counted as a local user?
Thanks in advance!

