Hi Jens,

The documentation mentions that usage of RADIUS necessitates a matching DMA user on the system. This means that there’s 2 main ways of using RADIUS with DataMiner.

1. RADIUS with local users
   This is what you’re currently pursuing I believe.
   In this scenario RADIUS has an underlying user directory that is entirely separate from DataMiner. Here you have to create local users on the DataMiner for which the username matches the one that is used for authenticating with RADIUS.
   The password that you assign the local user on creation can differ from the one in RADIUS and is redundant. The local user can not login with this password unless the RADIUS configuration is removed from the DataMiner and the system restarted. So it’s still a good idea to give this a proper strong password as it allows a fallback in case of an outage on the RADIUS server.
   When logging into DataMiner, the credentials given will be checked against the RADIUS and the username of the RADIUS user will be used to lookup the matching username of the local user.
2. RADIUS with LDAP/AD
   If DataMiner is configured to import users through a User Directory then the RADIUS server can be configured to make use of the same directory. The configuration of this varies based on the RADIUS server software that is used.
   This way you can just import the users without needing to create matching local users. DataMiner will then match the domain/username from the credentials used to login to the domain/username that was imported from the directory.

On our next pass through the documentation we’ll update this segment to clarify this some more. I’ll make a task for this on our backlog.

With Kind Regards,