Tut Systems SMS2000 manual Deleting an Authentication Server, Testing Authentication, Auth on


Authentication

The auth add web command automatically adds an allow-net to the specified server so that subscribers can be redirected to the allow-net without being intercepted. For more information on allow-nets, see “Allow-Nets” on page 49.

To add a Web server as the authentication server for the current group, use this command:

auth add web url secret secret [cmd-serv]

For this example, the SMS2000 will be configured to authenticate using the OCS server at 192.168.254.249. The shared secret donttell will be used for mutual authentication between the SMS2000 and the OCS. The SMS2000 treats the OCS as a command server by periodically sending it requests for commands. Type:

sms2000% auth add web http://192.168.254.249/pp/welcome.php3 secret donttell cmd-serv

Note: This feature can be used to create an allow-net of sites that are accessible without authentication.

Note: A shared secret is similar to a password.

Deleting an Authentication Server

Use the auth delete command to automatically remove an allow-net for the IP address of the Web server with a 32-bit subnet mask. If the same server is used as the Web server and the cmd-server, auth delete deletes the cmd-server also.

To delete an authentication server from the current group, use this command:

auth delete {radius server | web url}

For example, to stop authentication using the Web server with the IP address 192.168.254.249, type:

sms2000% auth delete web 192.168.254.249

Note: If no other servers are configured, authentication for the current group is disabled.
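
As an added example (not part of the Tut Systems manual or the SMS2000 software), the following Python script replays auth add web and auth delete web lines for one group and reports which host allow-nets bypass interception, which servers are polled as command servers, and which settings deserve review. The names audit, host_of and MIN_SECRET_LEN are assumptions, as is the 16-character secret policy; only Web servers are modelled (Radius servers are ignored) and URLs are assumed to use IP literals as in the example above.

```python
from urllib.parse import urlsplit

MIN_SECRET_LEN = 16  # assumed local policy, not a value from the manual

def host_of(arg):
    """Return the host of a URL, or the argument itself if it is a bare address."""
    return urlsplit(arg).hostname if "://" in arg else arg

def audit(commands):
    """Replay 'auth add web' / 'auth delete web' lines for one group."""
    servers, findings = {}, []
    for line in commands:
        tok = line.split()
        if tok and tok[0].endswith("%"):          # drop a pasted CLI prompt
            tok = tok[1:]
        if tok[:3] == ["auth", "add", "web"] and len(tok) >= 6 and tok[4] == "secret":
            url, secret, host = tok[3], tok[5], host_of(tok[3])
            servers[host] = {"url": url, "cmd_serv": "cmd-serv" in tok[6:]}
            if urlsplit(url).scheme == "http":    # portal and polling are unencrypted
                findings.append(("plain-http", host))
            if len(secret) < MIN_SECRET_LEN:
                findings.append(("short-secret", host))
        elif tok[:3] == ["auth", "delete", "web"] and len(tok) == 4:
            # Per the manual, delete also drops the /32 allow-net and the cmd-server.
            removed = servers.pop(host_of(tok[3]), None)
            if removed and not servers:
                findings.append(("auth-disabled", "no authentication server left"))
    return {
        # Each Web auth server implies a host allow-net that is not intercepted.
        "allow_nets": sorted(f"{h}/32" for h in servers),
        "cmd_servers": sorted(h for h, s in servers.items() if s["cmd_serv"]),
        "findings": findings,
    }

# Constructed sample: the two commands shown in the manual text above.
SAMPLE = [
    "sms2000% auth add web http://192.168.254.249/pp/welcome.php3 secret donttell cmd-serv",
    "sms2000% auth delete web 192.168.254.249",
]

if __name__ == "__main__":
    print(audit(SAMPLE[:1]))   # state after the add
    print(audit(SAMPLE))       # state after the delete
```
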

Testing Authentication

To test authentication for the current group without using any specific server, use this command:

auth on

For example, to enable authentication for the current group, type:

sms2000% auth on

TUT Systems, Inc

Page 47 of 104

P/N 220-06288-20
