Would you like to learn how to configure an APC UPS to authenticate on the Active directory? In this tutorial, we are going to show you how to authenticate the APC UPS users on the Active Directory database using the Microsoft NPS server.
Copyright © 2018-2021 by Techexpert.tips.
All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means without the prior written permission of the publisher.
Equipment list
Here you can find the list of equipment used to create this tutorial.
This link will also show the software list used to create this tutorial.
APC UPS – Playlist:
On this page, we offer quick access to a list of videos related to the APC UPS.
Don’t forget to subscribe to our youtube channel named FKIT.
APC UPS – Related Tutorial:
On this page, we offer quick access to a list of tutorials related to APC UPS.
Tutorial – Radius Server Installation on Windows
• IP – 192.168.15.10.
• Operacional System – Windows 2012 R2
• Hostname – TECH-DC01
• Active Directory Domain: TECH.LOCAL
Open the Server Manager application.
Access the Manage menu and click on Add roles and features.
Access the Server roles screen, select the Network Policy and Access Service option.
Click on the Next button.
On the following screen, click on the Add features button.
On the Role service screen, click on the Next Button.
On the next screen, click on the Install button.
You have finished the Radius server installation on Windows 2012.
Tutorial Radius Server – Active Directory Integration
Next, we need to create at least 1 account on the Active directory.
The ADMIN account will be used to login on the APC UPS web interface.
On the domain controller, open the application named: Active Directory Users and Computers
Create a new account inside the Users container.
Create a new account named: admin
Password configured to the ADMIN user: 123qwe..
This account will be used to authenticate as admin on the APC UPS web interface.
Congratulations, you have created the required Active Directory accounts.
Next, we need to create at least 1 group on the Active directory database.
On the domain controller, open the application named: Active Directory Users and Computers
Create a new group inside the Users container.
Create a new group named: APC-ADMIN
Members of this group will have administrative permission on the APC UPS web interface.
Important! Add the admin user as a member of the APC-ADMIN group.
Congratulations, you have created the required Active Directory group.
Tutorial Radius Server – Add Client Devices
On the Radius server, open the application named: Network Policy Server
You need to authorize the Radius server on the Active directory database.
Right-click on NPS(LOCAL) and select the Register server in Active Directory option.
On the confirmation screen, click on the OK button.
Next, you need to configure Radius clients.
Radius clients are devices that will be allowed to request authentication from the Radius server.
Important! Do not confuse Radius clients with Radius users.
Right click on Radius Clients folder and select the New option.
Here is an example of a Client configured to allow an APC UPS to connect to the Radius server.
You need to set the following configuration:
• Friendly name to the device – Add a description to your UPS.
• Device IP Address – IP address of your UPS.
• Device Shared secret – kamisama123
The Shared secret will be used to authorize the device to use the Radius server.
You have finished the Radius client configuration.
Tutorial Radius Server – Configure a Network Policy
Now, you need to create a Network Polity to allow authentication.
Right click on the Network Policies folder and select the New option.
Enter a name to the network policy and click on the Next button.
Click on the Add condition button.
We are going to allow members of the APC-ADMIN group to authenticate.
Select the User group option and click on the Add button.
Click on the Add Groups button and locate the APC-ADMIN group.
Select the Access granted option and click on the Next button.
This will allow members of the APC-ADMIN group to authenticate on the Radius server.
On the Authentication Methods screen, select the Unencrypted authentication (PAP, SPAP) option.
If the following warning is presented, click on the No button.
Select the Vendor Specific radius attribute option and click on the Add button
Select the Custom vendor option.
Select the Vendor-Specific Attribute and click on the Add button.
Click on the Add button.
Set the Vendor Code: 318
Select: Yes, it conforms.
Click on the Configure Attribute button.
Set the Vendor-assigned attribute number: 1
Select the Atribute format: Decimal
Enter the Attribute Value: 1
The NPS Radius server will pass the vendor specific information back to the UPS device.
The APC UPS will give the authenticated users administrative permission over the device.
Verify the Radius server configuration summary and click on the Finish button.
Congratulations! You have finished the Radius server configuration.
APC UPS – Radius Authentication on Active Directory
First, we need to access the APC UPS web interface.
Open your browser and enter the IP address of the APC UPS.
On the login screen, use the default username and default password.
• Default Username: apc
• Default Password: apc
After a successful login, you will be sent to the APC UPS Dashboard.
Access the Configuration menu, access the Security menu.
Access the Remote users menu and select the Radius option.
Select the primary Radius server.
On the RADIUS Server settings area, perform the following configuration:
• Radius Server – 192.168.15.10
• Port – 1812
• Secret – The Radius Client shared secret (kamisama123)
• Reply Timeout – 1 Second
You need to change IP address of the Radius server.
You need to change the secret.
To test the Radius authentication, select the test option and enter a user account from the Active directory.
After testing the Radius authentication successfully, select the Skip test and apply option.
Access the Configuration menu, access the Security menu.
Access the Remote users menu and select the Authentication option.
Select the option: Radius, then local authentication option.
Click on the Apply button to finish the Radius authentication configuration.
First, the UPS will try to authenticate the users using the Radius server.
If the Radius server is offline, the system will authenticate using the local user accounts.
Congratulations! You have configured the UPS authentication to use the Active directory.
APC UPS – Radius Authentication Test
After finishing the Radius configuration, you should log off the APC web interface.
Try to login using the admin user and the password from the Active directory.
On the login screen, use the admin user and the password from the Active directory.
• Username: admin
• Password: Enter the Active directory password.
If your test succeeds, you will be sent to the APC UPS Dashboard.
Congratulations! You have configured the APC UPS authentication on the Active directory.
