Appendix E. RADIUS Server Configuration – RuggedCom RuggedRouter RX1100 User Manual

Revision 1.14.3

RX1000/RX1100™

Appendix E. RADIUS Server Configuration

This section describes the configuration procedures for two popular RADIUS servers, "FreeRADIUS"
and the Microsoft Windows "Internet Authentication Service" in order to create and manage accounts
that are able to access resources on RuggedRouter. There are four RADIUS attributes required for
the configuration of accounts to access services on RuggedRouter. The following table shows the
RADIUS attributes required by RuggedRouter for accounts that are designated to use one or more
of the "webmin", "login", "ppp", or "ssh" services:

RADIUS Attribute            webmin     login      ppp        ssh
User ID                     required   required   required   required
Password                    required   required   required   required
NAS-Identifier
RuggedCom-Privilege-level   required

Every account to be authenticated on behalf of the RuggedRouter must have a user ID and password.
The RADIUS "NAS-Identifier" attribute may optionally be used to restrict which service an account
may access:

• webmin

• login

• ppp

• ssh

Accounts that do not specify a "NAS-Identifier" attribute may access any RuggedRouter service upon
authentication. Accounts may also be defined to have access to one or several services. For more
information on these services on RuggedRouter, please refer to "RADIUS, ROX, and Services".

A RADIUS attribute specific to RuggedCom, "RuggedCom-Privilege-level", is used by Webmin to
assign specific capabilities to Webmin users on a per-user basis. This attribute must be set for user
accounts designated to access Webmin. Please refer to "Webmin User and Group Fundamentals" for
a complete discussion of privilege levels and their use in ROX. The following information is necessary
to add support for this attribute to the vendor-specific extensions of the chosen RADIUS server:

• RuggedCom uses Vendor number 15004.

• "RuggedCom-Privilege-level" is attribute 2, of type "string".

• "RuggedCom-Privilege-level" must take one of the following three values:

• "admin"

• "operator"

• "guest"

User accounts that require access to Webmin must be assigned a "RuggedCom-Privilege-level".
Accounts that do not require Webmin access but are to be given shell login or PPP access
do not require the privilege level attribute to be set.
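
The vendor number, attribute number and allowed values listed above determine what a RADIUS server sends on the wire. The following is an added example, not taken from the RuggedCom manual: it assumes the attribute is carried in the standard RFC 2865 Vendor-Specific attribute (type 26) layout, and the function names and sample bytes are constructed for illustration. It can be used to check a captured reply for a well-formed privilege level.

```python
import struct

VENDOR_SPECIFIC = 26          # RADIUS Vendor-Specific attribute type (RFC 2865)
RUGGEDCOM_VENDOR_ID = 15004   # vendor number from this appendix
PRIVILEGE_LEVEL_TYPE = 2      # "RuggedCom-Privilege-level", type string
ALLOWED_LEVELS = ("admin", "operator", "guest")


def encode_privilege_level(level):
    """Build the Vendor-Specific attribute carrying RuggedCom-Privilege-level."""
    if level not in ALLOWED_LEVELS:
        raise ValueError(f"invalid privilege level: {level!r}")
    data = level.encode("ascii")
    sub = struct.pack("!BB", PRIVILEGE_LEVEL_TYPE, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, RUGGEDCOM_VENDOR_ID) + sub


def find_privilege_level(attributes):
    """Return the privilege level found in a packet's attribute bytes, or None.
    Raises ValueError on malformed lengths or a value outside ALLOWED_LEVELS."""
    pos = 0
    while pos < len(attributes):
        if len(attributes) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = attributes[pos], attributes[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attributes):
            raise ValueError("bad attribute length")
        body = attributes[pos + 2:pos + attr_len]
        pos += attr_len
        if (attr_type != VENDOR_SPECIFIC or len(body) < 6
                or int.from_bytes(body[:4], "big") != RUGGEDCOM_VENDOR_ID):
            continue  # not a RuggedCom vendor-specific attribute
        sub, i = body[4:], 0
        while i + 2 <= len(sub):
            sub_type, sub_len = sub[i], sub[i + 1]
            if sub_len < 2 or i + sub_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if sub_type == PRIVILEGE_LEVEL_TYPE:
                value = sub[i + 2:i + sub_len].decode("ascii", errors="replace")
                if value not in ALLOWED_LEVELS:
                    raise ValueError(f"unexpected privilege level: {value!r}")
                return value
            i += sub_len
    return None


# Constructed sample: Reply-Message (type 18) "ok" followed by the RuggedCom attribute.
SAMPLE_REPLY_ATTRS = bytes([18, 4]) + b"ok" + encode_privilege_level("operator")

if __name__ == "__main__":
    print(SAMPLE_REPLY_ATTRS.hex(), find_privilege_level(SAMPLE_REPLY_ATTRS))
```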