topic Re: New LDAP Account Unit and Radius Server in Firewall and Security Management

New LDAP Account Unit and Radius Server

Steve_Pearson — Wed, 17 Sep 2025 14:02:27 GMT

I am looking at testing a new Radius server to replace an existing third party one that is being removed from the environment. The replacement is a Microsoft NPS server, but i'm not overly familiar with this.

So I'm looking for a way to test this without removing or changing the current LDAP Account unit and Radius server objects, hence creating new ones, however i'm not sure the best way forward. Firstly nobody seems to know the password for the SSO account in AD, so that will need to be changed, but hopefully once updated on the existing objects this won't cause a problem. Once thats done, I can create the new ones but not sure how to configure the NPS side.

I've seen articles about configuring it for use with Gaia, but this is for use with Identity Awareness agents so not sure if that will be the same.

Can anyone point me in the right direction or to an SK that details this at all please?

It would also be nice to use encrypted authentication rather than simple PAP.

Thanks,

Steve

Re: New LDAP Account Unit and Radius Server

the_rock — Wed, 17 Sep 2025 23:12:30 GMT

Hey Steve,

I read your post carefully and in my mind, the way Im looking at this is as long as new ldap account unit you create in smart console, if server referenced has connection to the gateway, it can be tested that way, without having to make authentication mandatory, at least for the time being.

Now, since you said no one seems to know SSO password, then making that work in smart console would be an issue. Doing tcpdump on port 1812 would be easiest way to see if this would function, but again, thats only if communication is there, otherwise it will fail.

Lets see if someone else may have an idea.

Andy

Re: New LDAP Account Unit and Radius Server

the_rock — Thu, 18 Sep 2025 22:25:01 GMT

Hey Steve,

I had similar ask today from a customer, but in regards to remote access. I ended up opening TAC case, since I find its always better to have those things in writting. Probably would not hurt if you do the same, hopefully they can provide good suggestions.

Andy

Re: New LDAP Account Unit and Radius Server

Steve_Pearson — Fri, 19 Sep 2025 06:45:36 GMT

Hi Andy,

I was thinking the same thing, but first I wanted to sort the password issue out so I got this reset last night and applied the password to the config. That looks good, no issues reported so far, both RA and IA that use the Account unit are working normally, so I'm going to open a TAC case today to see if they can provide the required info.

Steve

Re: New LDAP Account Unit and Radius Server

the_rock — Fri, 19 Sep 2025 10:37:13 GMT

Good idea Steve!

Re: New LDAP Account Unit and Radius Server

Steve_Pearson — Wed, 01 Oct 2025 09:00:25 GMT

Morning Andy,

I have this sorted now, but have discovered a couple of things you may be interested to know.....

There is a bug in SmartConsole build 671 whereby if you open an account unit object and as much as click on the Object management tab then you can't save any changes you've made. Even if you don't change anything, you will not be able to click OK to come out again as it doesn't read the branches. TAC confirmed this is an issue.

Secondly, SmartConsole does not play nicely if you change the screen scale to anything above 100% in the windows display settings. There is nothing obvious but on certain screens it doesn't display the forms properly. (for example, Cluster properties, Identity Awareness, Identity Agent Settings, Authentication Settings, there is a little table listing the user directories, with Green/Red +/- buttons to the right side. If you have the screen scale above 100% these buttons will not be visible !!)

Regards,

Steve

Re: New LDAP Account Unit and Radius Server

the_rock — Wed, 01 Oct 2025 09:15:18 GMT

Excellent Steve, thanks for letting us know!

Andy

Re: New LDAP Account Unit and Radius Server

the_rock — Wed, 01 Oct 2025 10:03:47 GMT

Btw Steve, I just tested that smart console build in the lab, did not have that issue...I am on win 11.

Andy

Re: New LDAP Account Unit and Radius Server

Steve_Pearson — Wed, 01 Oct 2025 11:49:15 GMT

Which issue were you testing?

I'm on Win 11 SC build 671, on a Dell Pro Max 18 laptop

Re: New LDAP Account Unit and Radius Server

the_rock — Wed, 01 Oct 2025 11:50:47 GMT

What you described below...

Andy