Kron PAM GUI Configuration

configurations in the kron pam gui are required as well create users and user groups (see sections manual user creation docid\ npupego5mow ciaizbnhc and user group creation docid\ l fdaxhwreq ntmj6vuje ) create device groups and add new devices to device groups (see sections creating user groups docid\ oiof6fy7ax qmcpw0qkyt and adding devices manually docid\ u3mfufj 8ma6ob8ntb9hl ) create device group realms with the user groups and device groups defined in the previous steps (see section creating device group realms docid cdzpyr1q99ecahqkrfqm ) the devices added in step 2 must correspond to the last destination ip that sends an authentication request to kron pam for example, wireless lan controller, firewall, etc define the authenticator secret key as globalsecretkey on the device group properties (see section device groups properties docid\ lvjco9nbk8mofiutxbvl2 ) navigate to administration > radius 802 1x config click on the radius 802 1x button choose an eap typ e (only peap is currently available) fill in the fields certificate authority pem , certificate private key pem (which includes a certificate and private key), and certificate private key password if dynamic vlan and mac filtering are to be activated, the box(es) should be checked (see section mac filtering configuration docid yn0b7o trwmkme3ugwjm ) vlans can be dynamically assigned by a radius server to applicants requesting 802 1x authentication through that server if dynamic vlan is assigned to applicants, the following 2 settings must be set in kron pam check the dynamic vlan box in the 802 1x config screen the radius attribute policy should be defined on the related user group as vlan interval see section adding radius/tacacs+ attributes docid\ kswrf xtczryrd4r8elai check the add kron pam server to active directory box and fill in the required fields