Hi Blason R, I have actually implemented the option described by Norbert Bohusch in my environment:
a Windows Server with the NPS role installed on a separate server from the domain controller (I believe putting the NPS on a DC is a big NO-NO).
Also, as Norbert says, the NPS role is essentially a RADIUS server, so you have to follow the instructions for "Configuring a RADIUS Server for Administrators" from the Admin Guide:
- Create a RADIUS Server object with a shared secret in SmartConsole
- On the NPS server, create a RADIUS Client with the Management/SmartCenter IP address and, obviously, the same shared secret from above
- Create a Connection Policy with at least one condition (for example, the NAS IPv4 address set to the IP address of the mgmt) with EAP-MSCHAP as the authentication method
- Create a Network Policy, also with at least the same condition as above (but I also configure a condition that the users must be members of a specific AD group)
- Create an administrator in SmartConsole with a username format like <AD domain>\<AD user> and RADIUS as the authentication method
Then you can log in using <AD domain>\<AD user> as the user name and your AD password as the password.
Hope it helped