2 Replies Latest reply on Feb 3, 2012 8:37 AM by cj!

    A way to x-auth without RADIUS, without exposing admin privileges?

    cj! Beta_User

      I commented under the document Configuring Extended Authentication with VPN Mobile Users in AOS with a question, but I'm not sure that will be a good place.  Maybe a discussion would be better?  Are comments about an article a good/acceptable place to ask questions (will it get noticed)?  Original question:

       

      Any way to authenticate mobile VPN connections without an external extended auth server?  We commonly install for small businesses without RADIUS, but often need to require auth.  It seems AOS users can't be grouped into a 'VPN' class, so x-auth against local users will give them admin capability.

       

      Are we missing a feature?  Would it be doable to group local users in a future release?  Even if it's limited to, say, 10 user accounts or something.

        • Re: A way to x-auth without RADIUS, without exposing admin privileges?
          levi Employee

          CJ:

           

          Thanks for your questions.  We prefer you do not comment under the document.  Instead "ask a question" or create a "discussion" and link the document (as you have done in this discussion).

           

          Currently, we can authenticate mobile VPN connections with the local-user list; however, as you mentioned, this will give them administrator access to the ADTRAN unit.  This is the only way we can authenticate mobile VPN users without an external extended authentication RADIUS server.

           

          I will have this suggestion added to our "feature request" list so it can be implemented in a future release.

           

          Levi