beautypg.com

Radius server configuration example (merit), Radius per-command configuration example – Extreme Networks 200 Series User Manual

Page 69

background image

Authenticating Users

Summit 200 Series Switch Installation and User Guide

67

RADIUS Server Configuration Example (Merit)

Many implementations of RADIUS server use the publicly available Merit

©

AAA server application,

available on the World Wide Web at:

http://www.merit.edu/aaa

Included below are excerpts from relevant portions of a sample Merit RADIUS server implementation.
The example shows excerpts from the client and user configuration files. The client configuration file
(

ClientCfg.txt

) defines the authorized source machine, source name, and access level. The user

configuration file (

users

) defines username, password, and service type information.

ClientCfg.txt

#Client Name

Key

[type]

[version]

[prefix]

#----------------

---------------

--------------

---------

--------

#10.1.2.3:256

test

type = nas

v2

pfx

#pm1

%^$%#*(&!(*&)+

type=nas

pm1.

#pm2

:-):-(;^):-}!

type nas

pm2.

#merit.edu/homeless hmoemreilte.ses

#homeless

testing

type proxy

v1

#xyz.merit.edu

moretesting

type=Ascend:NAS v1

#anyoldthing:1234

whoknows?

type=NAS+RAD_RFC+ACCT_RFC

10.202.1.3

andrew-linux

type=nas

10.203.1.41

eric

type=nas

10.203.1.42

eric

type=nas

10.0.52.14

samf

type=nas

users

user

Password = ""

Filter-Id = "unlim"

admin

Password = "", Service-Type = Administrative

Filter-Id = "unlim"

eric Password = "", Service-Type = Administrative

Filter-Id = "unlim"

albert

Password = "password", Service-Type = Administrative

Filter-Id = "unlim"

samuel Password = "password", Service-Type = Administrative

Filter-Id = "unlim"

RADIUS Per-Command Configuration Example

Building on this example configuration, you can use RADIUS to perform per-command authentication
to differentiate user capabilities. To do so, use the Extreme-modified RADIUS Merit software that is
available from the Extreme Networks web server at
http://www.extremenetworks.com/extreme/support/otherapps.htm or by contacting Extreme
Networks technical support. The software is available in compiled format for Solaris

or Linux

operating systems, as well as in source code format. For all clients that use RADIUS per-command
authentication, you must add the following type to the client file:

type:extreme:nas + RAD_RFC + ACCT_RFC