
Raritan Computer Raritan TeleReach TR361 User Manual


CHAPTER 4: ADMINISTRATIVE FUNCTIONS

Returning User Group Information via RADIUS

When a RADIUS authentication attempt succeeds, IP-Reach determines the permissions for a given user
based on the permissions of the user’s group.

Your remote RADIUS server can provide these user group names by returning an attribute, implemented as
a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows:

Raritan:G{GROUP_NAME}

where GROUP_NAME is a string denoting the name of the group to which the user belongs.
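The following is an added example, not taken from the Raritan manual or from IP-Reach itself: a check an administrator could run against a captured Access-Accept to confirm that the RADIUS server returns exactly one usable group in FILTER-ID. It assumes the braces in the format string are literal, that the packet has already been authenticated with the shared secret, and that the function names and the deny-on-ambiguity policy are this example's own.

```python
import re
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
FILTER_ID = 11      # RADIUS attribute type for Filter-Id (RFC 2865)
# Assumption: the braces in "Raritan:G{GROUP_NAME}" are literal characters.
GROUP_RE = re.compile(r"Raritan:G\{([^{}]+)\}")

def parse_attributes(packet: bytes):
    """Return (code, [(type, value), ...]) after validating RFC 2865 lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        # An attribute is type(1) + length(1) + value; length covers all three.
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def group_from_accept(packet: bytes, known_groups):
    """Return the single known group named by Filter-Id, else None."""
    # Policy of this example (not documented IP-Reach behaviour): zero,
    # several, or unknown group names all yield None so the caller can deny.
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None
    names = set()
    for atype, value in attrs:
        if atype == FILTER_ID:
            match = GROUP_RE.fullmatch(value.decode("utf-8", "replace"))
            if match:
                names.add(match.group(1))
    if len(names) != 1:
        return None
    name = names.pop()
    return name if name in known_groups else None

def build_packet(code, attrs):
    """Build a constructed sample packet (zeroed authenticator) for testing."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

SAMPLE = build_packet(ACCESS_ACCEPT, [(FILTER_ID, b"Raritan:G{Admin}")])
```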


RADIUS Communication Exchange Specifications

IP-Reach sends the following information to the RADIUS server in an authentication query:

| ATTRIBUTE | DATA |
|---|---|
| USER-NAME | The user name entered at the login screen. |
| USER-PASSWORD | In PAP mode, the encrypted password entered at the login screen. |
| CHAP-PASSWORD | In CHAP mode, the CHAP protocol response computed from the password and the CHAP challenge data. |
| NAS-IP-ADDRESS | IP-Reach’s IP Address |
| NAS-IDENTIFIER | The IP-Reach unit name as configured in “Network Configuration” (see previous section). |
| NAS-PORT-TYPE | The value ASYNC (0) for modem connections and ETHERNET (15) for network connections. |
| NAS-PORT | Always 0. |
| STATE | If this request is in response to an ACCESS-CHALLENGE, the state data from the ACCESS-CHALLENGE packet will be returned. |
| PROXY-STATE | If this request is in response to an ACCESS-CHALLENGE, the proxy state data from the ACCESS-CHALLENGE packet will be returned. |


IP-Reach sends the following RADIUS attributes to the RADIUS server with each accounting request:

| ATTRIBUTE | DATA |
|---|---|
| SESSION-TYPE | Either START (1) for log in or STOP (2) for log out. |
| SESSION-ID | A string containing a unique session name. The name is in the format of “IDENTIFIER>:: Example: “IP-Reach:192.168.1.100:122” |
| USER-NAME | As above. |
| NAS-IP-ADDRESS | As above. |
| NAS-IDENTIFIER | As above. |
| NAS-PORT-TYPE | As above. |
| NAS-PORT | As above. |
| FILTER-ID | Any FILTER-ID attributes returned by the RADIUS server during authentication will be sent in each accounting request. |
| CLASS | Any CLASS attributes returned by the RADIUS server during authentication will be sent in each accounting request. |
| ACCT-AUTHENTIC | How the user was authenticated. Either RADIUS (1) if the user was authenticated by the RADIUS server or LOCAL (2) if the user was authenticated by IP-Reach’s built-in user name database. |
| TERMINATE-CAUSE | If this is a STOP request, the reason the user was terminated. Either USER_REQUEST (1), LOST_SERVICE (3), SESSION_TIMEOUT (5), or ADMIN_RESET (6). |