D.2 securid servers – Black Box LRA005A-R2 User Manual
Page 106

authent method radius
authent add server hostname_RADIUS_server
config save
3. Verify that the desired Router modem port(s) on the Router is in client mode:
Enter the command dialup iface status. For example
dialup modem0 status
On the resulting display, verify that the first word of the third line is “client.” Other values that might
appear are “inactive,” “demand” and “demand_backoff.” If it does not say “client,” run config to set
this interface to a client, or enter the following command:
dialup iface client
4. Turn on authentication within PPP using one set of the following commands.
ppp iface lcp local auth pap
config save
ppp iface lcp local auth chap
config save
5. If necessary, add clients to the RADIUS database. On your RADIUS server, verify that the file
/etc/raddb/clients (or /usr/private/etc/raddb/clients) has an entry for each client.
6. Test the configuration for a specific client. Use the authenticate test subcommand to verify that a
client and its password are valid in the current Router configuration. On the Router, enter
authenticate test clientname
Provide the password when prompted.
D.2 SecurID Servers
SecurID is a security and authentication system that has two elements. Each user carries a card and also
memorizes a password or Personal Identification Number (PIN). To log on, the user must type his or her
name, and then enter a passcode consisting of the PIN followed by the number currently displayed on
the card. The displayed number changes randomly once every minute. The SecurID server software is
called the ACE (Access Control/Encryption) server.
The Router will interoperate with the SecurID authentication scheme over the modem interface only (at
this time).
ACE server software and user cards must be purchased from Security Dynamics. For detailed
information about how to install and configure the ACE server, contact Security Dynamics.
After the ACE software is installed, follow the next set of instructions to configure the ACE server and
the Router to support the SecurID scheme.