Hello,
Our Winbox login over Windows RADIUS is configured to map “Network-Admins” AD group to “full” local group on Mikrotik at login.
This worked perfectly until 6.43 update after which logins still go through but members of “Network-Admins” group get only “read” access which is default group in AAA.
In Mikrotik radius logs “MT-group=full” entry is missing.
Routers with firmware older than 6.43 don’t experience the same issue.
Vendor specific RADIUS configuration on Windows server:
Vendor code: 14988
Under “Configure Attribute”:
Vendor-assigned attribute number: 3
Attribute format: String
Attribute value: full
Related post:
http://forum.mikrotik.com/t/winbox-login-over-windows-server-radius/119343/1
Can anyone can point me in the right direction on how this issue could be solved?
Thanks,
Milos.