FAQ-How to configure radius authentication without domain name when asking for credentials

Publication Date:  2016-04-11 Views:  344 Downloads:  0
Issue Description

User administrators are logging on all LAN devices using Radius authentication and all administrators are being part of a specific domain. Customer was looking for a solution by not being forced to add domain when inputting credentials to log in on devices. Although he needed to have domain included when NAC device sends Radius Authentication packets to Radius server.

Solution

There is global default domain for administrators when they are trying login on switches and  the default domain is named default_admin where you do not need to set domain when inputting usernames. If other domain is declared and users are needed to be authenticated by that specific domain you need to add @domain_name in order to the authetication to work. Otherwise the switch will seek to authenticate the users on default_admin.

Solution is to set other domain as defult domain for administrators. Command as below:

[Huawei]domain domain_name admin 

You can set username when logging on the switch without domain and the switch sends the Authentication Request to the Radius server with domain included. 

END