E.1. Webmin Privilege Levels and FreeRADIUS, E.2. Webmin Privilege Levels and Windows IAS – RuggedCom RuggedRouter RX1100 User Manual

Appendix E. RADIUS Server Configuration

Revision 1.14.3

RX1000/RX1100™

The following two sections illustrate how to add this information to a RADIUS server configuration.

E.1. Webmin Privilege Levels and FreeRADIUS

This section describes how to add RuggedCom Vendor-Specific RADIUS attributes to the
FreeRADIUS "dictionary" so that they may be used in configuring accounts for RuggedRouter.

1. Locate the FreeRADIUS dictionary files (commonly in the /usr/share/freeradius/ directory on
   Linux systems).

2. In the dictionary directory, open the file named "dictionary", and add the line:
   "$INCLUDE dictionary.ruggedcom". Note that there are typically many other vendor attribute
   dictionary files included in the main FreeRADIUS dictionary file.

3. Create a file named "dictionary.ruggedcom" in the dictionary directory containing the following:

    # -*- text -*-
    #
    # The RuggedCom Vendor-Specific dictionary.
    #
    # Version: $Id: dictionary.RuggedCom,v 1.3.4.1 2005/11/30 22:17:24 aland Exp $
    #
    # For a complete list of Private Enterprise Codes, see:
    #
    # http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers
    #
    VENDOR RuggedCom 15004
    BEGIN-VENDOR RuggedCom
    ATTRIBUTE RuggedCom-Privilege-level 2 string
    END-VENDOR RuggedCom

4. Create user accounts in the /etc/freeradius/users file. For example, in order to create a user
   "john" with a password "test" with "operator" access to Webmin, add the following lines to
   /etc/freeradius/users:

    john Auth-Type := Local
        User-Password == "test",
        NAS-Identifier = "webmin",
        RuggedCom-Privilege-level = "operator"

5. Restart your FreeRADIUS server.
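The dictionary entry in step 3 maps RuggedCom-Privilege-level to a RADIUS Vendor-Specific attribute (type 26, RFC 2865) with vendor ID 15004 and vendor type 2. The Python code below is an added example, not part of the RuggedCom manual or of FreeRADIUS: it builds that attribute and extracts it from an attribute list, which is useful when checking a captured Access-Accept for the privilege level the server actually returned. The function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26          # RADIUS attribute type for VSAs (RFC 2865)
RUGGEDCOM_VENDOR_ID = 15004   # from "VENDOR RuggedCom 15004"
PRIVILEGE_LEVEL_TYPE = 2      # from "ATTRIBUTE RuggedCom-Privilege-level 2 string"

def encode_privilege_level(level: str) -> bytes:
    """Build the Vendor-Specific attribute carrying RuggedCom-Privilege-level."""
    value = level.encode("ascii")
    sub_len = 2 + len(value)      # vendor-type + vendor-length + value
    total_len = 2 + 4 + sub_len   # type + length + vendor-id + sub-attribute
    if not value or total_len > 255:
        raise ValueError("privilege level must be 1..247 bytes")
    return (struct.pack("!BBI", VENDOR_SPECIFIC, total_len, RUGGEDCOM_VENDOR_ID)
            + struct.pack("!BB", PRIVILEGE_LEVEL_TYPE, sub_len) + value)

def decode_privilege_levels(attrs: bytes) -> list:
    """Walk a RADIUS attribute list; return every RuggedCom-Privilege-level value."""
    levels, pos = [], 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue              # not a VSA, or too short to hold a vendor ID
        if struct.unpack("!I", body[:4])[0] != RUGGEDCOM_VENDOR_ID:
            continue              # another vendor's attribute
        sub, i = body[4:], 0
        while i + 2 <= len(sub):
            v_type, v_len = sub[i], sub[i + 1]
            if v_len < 2 or i + v_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if v_type == PRIVILEGE_LEVEL_TYPE:
                levels.append(sub[i + 2:i + v_len].decode("ascii"))
            i += v_len
    return levels

# Constructed sample: a Reply-Message (type 18) followed by the RuggedCom VSA.
SAMPLE_ATTRS = bytes([18, 4]) + b"ok" + encode_privilege_level("operator")

if __name__ == "__main__":
    print(encode_privilege_level("operator").hex())
    print(decode_privilege_levels(SAMPLE_ATTRS))
```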

E.2. Webmin Privilege Levels and Windows IAS

This section describes the steps necessary to configure Microsoft Windows IAS (Internet
Authentication Service) to authenticate Webmin user accounts for RuggedRouter.

1. Create a group for each privilege level. For example, for the "operator" privilege level, create a
   group named RADIUS_RuggedRouter_operator. User accounts needing "operator" privileges
   would then be added to this group.

2. Use the New Remote Access Policy Wizard to create a custom policy with the following
   settings:

   • Policy conditions:
     • NAS-Identifier matches "webmin"