Radius server configuration example (merit), Radius per-command configuration example – Extreme Networks 200 Series User Manual
Authenticating Users
Summit 200 Series Switch Installation and User Guide
RADIUS Server Configuration Example (Merit)
Many implementations of RADIUS server use the publicly available Merit© AAA server application, available on the World Wide Web at: http://www.merit.edu/aaa
Included below are excerpts from relevant portions of a sample Merit RADIUS server implementation. The example shows excerpts from the client and user configuration files. The client configuration file (ClientCfg.txt) defines the authorized source machine, source name, and access level. The user configuration file (users) defines username, password, and service type information.
ClientCfg.txt
    #Client Name         Key              [type]                     [version]  [prefix]
    #----------------    ---------------  --------------             ---------  --------
    #10.1.2.3:256        test             type = nas                 v2         pfx
    #pm1                 %^$%#*(&!(*&)+   type=nas                              pm1.
    #pm2                 :-):-(;^):-}!    type nas                              pm2.
    #merit.edu/homeless  hmoemreilte.ses
    #homeless            testing          type proxy                 v1
    #xyz.merit.edu       moretesting      type=Ascend:NAS            v1
    #anyoldthing:1234    whoknows?        type=NAS+RAD_RFC+ACCT_RFC
    10.202.1.3           andrew-linux     type=nas
    10.203.1.41          eric             type=nas
    10.203.1.42          eric             type=nas
    10.0.52.14           samf             type=nas
users
    user    Password = ""
            Filter-Id = "unlim"
    admin   Password = "", Service-Type = Administrative
            Filter-Id = "unlim"
    eric    Password = "", Service-Type = Administrative
            Filter-Id = "unlim"
    albert  Password = "password", Service-Type = Administrative
            Filter-Id = "unlim"
    samuel  Password = "password", Service-Type = Administrative
            Filter-Id = "unlim"
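The following Python script is an added example, not part of the Extreme Networks manual or the Merit distribution. It parses the two file layouts shown in the excerpts and reports client keys that are short or reused across NAS entries, and user entries whose password is empty or trivial, noting which of those carry Service-Type = Administrative. The minimum key length and the deny-list are assumed local policy values, and the layout handling (whitespace-separated client fields, indented reply-item lines) is inferred from the excerpts.

```python
import re
from collections import defaultdict

# Active (uncommented) entries from the page's excerpts, as sample input.
CLIENTS = """\
10.202.1.3   andrew-linux  type=nas
10.203.1.41  eric          type=nas
10.203.1.42  eric          type=nas
10.0.52.14   samf          type=nas
"""
USERS = """\
user    Password = ""
        Filter-Id = "unlim"
admin   Password = "", Service-Type = Administrative
        Filter-Id = "unlim"
eric    Password = "", Service-Type = Administrative
        Filter-Id = "unlim"
albert  Password = "password", Service-Type = Administrative
        Filter-Id = "unlim"
samuel  Password = "password", Service-Type = Administrative
        Filter-Id = "unlim"
"""
MIN_KEY_LEN = 16                # assumed local policy, not a Merit requirement
TRIVIAL = {"", "password", "test", "testing"}   # assumed deny-list

def audit_clients(text):
    """Flag short shared secrets and secrets reused across several clients."""
    findings, by_key = [], defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue            # blank, comment, or entry without a key
        by_key[fields[1]].append(fields[0])
        if len(fields[1]) < MIN_KEY_LEN:
            findings.append((fields[0], "short-key"))
    findings += [(n, "reused-key") for ns in by_key.values() if len(ns) > 1 for n in ns]
    return findings

def audit_users(text):
    """Flag empty or trivial passwords; third field marks Administrative users."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue            # indented reply items, blanks, comments
        m = re.search(r'Password\s*=\s*"([^"]*)"', line)
        if m and m.group(1).lower() in TRIVIAL:
            admin = bool(re.search(r"Service-Type\s*=\s*Administrative", line))
            findings.append((line.split()[0], "empty" if not m.group(1) else "trivial", admin))
    return findings
```

Run against the sample, every active client key is reported as short, the two 10.203.1.x entries are reported as sharing one key, and four of the five user entries are Administrative accounts with an empty or trivial password.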
RADIUS Per-Command Configuration Example
Building on this example configuration, you can use RADIUS to perform per-command authentication to differentiate user capabilities. To do so, use the Extreme-modified RADIUS Merit software that is available from the Extreme Networks web server at http://www.extremenetworks.com/extreme/support/otherapps.htm or by contacting Extreme Networks technical support. The software is available in compiled format for Solaris™ or Linux™ operating systems, as well as in source code format. For all clients that use RADIUS per-command authentication, you must add the following type to the client file:
    type:extreme:nas + RAD_RFC + ACCT_RFC