Returning user group information via radius – Raritan Computer DOMINION KX II DKX2-0E-E User Manual

Page 133

background image

Chapter 8: User Management

119

3. Authentication Port. The default authentication port is 1812; change

as required.

4. Accounting Port. The default accounting port is 1813; change as

required.

5. Timeout (in seconds). The default timeout is 1 second; change as

required. The timeout is the length of time the Dominion KX II waits
for a response from the RADIUS server before sending another
authentication request.

6. Retries. The default number of retries is 3; change as required. This is

the number of times the Dominion KX II will send an authentication
request to the RADIUS server.

7. Global Authentication Type. Select from among the options in the

drop-down list:

ƒ PAP. With PAP, passwords are sent as plain text. PAP is not

interactive; the username and password are sent as one data
package once a connection is established, rather than the server
sending a login prompt and waiting for a response.

ƒ CHAP. With CHAP authentication can be requested by the

server at any time. CHAP provides more security than PAP.

Returning User Group Information via RADIUS

When a RADIUS authentication attempt succeeds, the Dominion KX II
device determines the permissions for a given user based on the
permissions of the user's group.

Your remote RADIUS server can provide these user group names by
returning an attribute, implemented as a RADIUS FILTER-ID. The
FILTER-ID should be formatted as follows:

Raritan:G{GROUP_NAME}

where GROUP_NAME is a string, denoting the name of the group to
which the user belongs.