Implementing radius remote authentication, Returning user group information via radius, Radius communication exchange specifications – Raritan Computer DKX116 User Manual
Implementing RADIUS Remote Authentication
Microsoft Active Directory can be used as source information for RADIUS authentication by installing the
Windows server component Internet Authentication Server.
If you choose the RADIUS authentication protocol, complete the RADIUS fields as follows:
− Authentication Type: Click on the drop-down arrow to select either the CHAP or the PAP protocol.
− Server UDP Port / Custom UDP Port: Click on the drop-down arrow to select whether you
would prefer using standard RADIUS TCP port 1812, the legacy RADIUS TCP port 1645, or type
in your own user-defined port in the Custom UDP Port field.
− Remote Accounting / Custom Accounting Port: Click on the check box to send authentication
events to a RADIUS accounting server; if so, type the TCP port that should be used for transmitting
events in the Custom Accounting Port field.
Returning User Group Information via RADIUS
When a RADIUS authentication attempt succeeds, Dominion KX determines the permissions for a given
user based on the permissions of the user’s group.
Your remote RADIUS server can provide these user group names by returning an attribute, implemented as
a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows:
Raritan:G{GROUP_NAME}
where GROUP_NAME is a string denoting the name of the group to which the user belongs.
RADIUS Communication Exchange Specifications
Dominion KX sends the following information to the RADIUS server in an authentication query:
ATTRIBUTE        DATA
USER-NAME        The user name entered at the login screen.
USER-PASSWORD    In PAP mode, the encrypted password entered at the login screen.
CHAP-PASSWORD    In CHAP mode, the CHAP protocol response computed from the password and the CHAP challenge data.
NAS-IP-ADDRESS   Dominion KX’s IP Address
NAS-IDENTIFIER   The Dominion KX unit name as configured in “Network Configuration” (see previous section).
NAS-PORT-TYPE    The value ASYNC (0) for modem connections and ETHERNET (15) for network connections.
NAS-PORT         Always 0.
STATE            If this request is in response to an ACCESS-CHALLENGE, the state data from the ACCESS-CHALLENGE packet will be returned.
PROXY-STATE      If this request is in response to an ACCESS-CHALLENGE, the proxy state data from the ACCESS-CHALLENGE packet will be returned.