SuperMicro IPMI using Windows-based RADIUS (NPS)
I'm struggling to use a Windows-based RADIUS setup (Network Policy Server) with SuperMicro IPMI interfaces.
I've found that I need to add vendor-specific attribute H=4, I=4
(Appendix C in the SuperMicro IPMI manual), but I'm not sure about some of the settings needed to configure the NPS policy:
I think I'm missing the either the Vendor Code or the vendor-assigned attribute number, which both should be a numerical value. The attribute value itself is the H=4, I=4
string.
I found this article looking for advice on how to configure this in NPS. I was able to figure this out, no thanks to SuperMicro support:
Service-Type: Login
Vendor Specific Attribute > Add
Vendor Code: 10876
Yes. It Conforms >
Vendor-assigned attribute number: 1
Attribute format: string
Attribute value: H=4, I=4
the answer from Justin Redenbach helped me to resolve this issue. We use FortiAuthenticator as the RADIUS Server. I've created a new dictionary for the IPMI and imported it as a file:
VENDOR IPMI 10876
BEGIN-VENDOR IPMI
ATTRIBUTE Permissions 1 string BOTH
END-VENDOR IPMI
Then I configured the user to have the attribute values H=4, I=4.
user config in FortiAuthenticator
With this configuration it worked like a charm
Theoretically it should also be possible to add the attribute values directly into the dictionary but for some reason it didn't work. The dictionary should look something like that:
VENDOR IPMI 10876
BEGIN-VENDOR IPMI
ATTRIBUTE Permissions 1 string BOTH
VALUE UserPermissions H=4, I=4 1
END-VENDOR IPMI
I didn't investigate further this problem as adding the values directly to the user worked for me