Tut Systems SMS2000 manual Authentication with Radius, Deleting the authok, Adding a Radius Server


Authentication

SMS2000 can substitute subscriber information for replaceable parameters in the URL. For example, the following set authok command uses the secret and blockall parameters together with a URL that has replaceable parameters embedded in it; these parameters are handled during the redirect.

sms2000% set authok http://www.myserver.com/mypath/myscript.cgi?port=$port&host=$host&mac=$mac&group=$group&origurl=$origurl&seq=$seq&sig=$sig secret mysecret blockall

Note: This can be used in conjunction with an OCS to create a free service at slower speeds, selling higher speed services through the SMS2000.
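The script named in the authok URL receives every substituted value through the subscriber's browser, so it should check them before acting on them. The following is an added example, not code from the SMS2000 manual or from Tut Systems, of such a check on the receiving side. Assumptions: the function names are hypothetical, the $sig computation is not given on this page so an HMAC-SHA256 stand-in is used, and the MAC format and the one-time use of seq are also assumed.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Parameter names from the set authok example URL on this page.
FIELDS = ("port", "host", "mac", "group", "origurl", "seq")
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-]?[0-9A-Fa-f]{2}){5}$")  # assumed format


def assumed_sig(secret, fields):
    """ASSUMPTION: HMAC-SHA256 over the fields in FIELDS order.
    The SMS2000's real $sig computation is not given on this page."""
    msg = "|".join(fields[k] for k in FIELDS)
    return hmac.new(secret.encode(), msg.encode(), hashlib.sha256).hexdigest()


def validate_redirect(url, secret, seen_seq, make_sig=assumed_sig):
    """Return the validated fields, or raise ValueError naming the failure."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    fields = {}
    for name in FIELDS + ("sig",):
        values = query.get(name, [])
        if len(values) != 1 or not values[0]:
            raise ValueError(f"missing or repeated parameter: {name}")
        fields[name] = values[0]
    # Signature first: every value arrived through the subscriber's browser.
    expected = make_sig(secret, fields).encode()
    if not hmac.compare_digest(expected, fields["sig"].encode()):
        raise ValueError("bad signature")
    if not MAC_RE.match(fields["mac"]):
        raise ValueError("malformed mac")
    if urlsplit(fields["origurl"]).scheme not in ("http", "https"):
        raise ValueError("origurl is not an http(s) URL")
    if fields["seq"] in seen_seq:  # ASSUMPTION: seq is a one-time value
        raise ValueError("replayed seq")
    seen_seq.add(fields["seq"])
    return fields


def sample_url(secret, **tamper):
    """Constructed sample redirect; tamper= changes fields after signing."""
    f = {"port": "7", "host": "sms2000", "mac": "00:11:22:33:44:55",
         "group": "default", "origurl": "http://example.com/", "seq": "1001"}
    f["sig"] = assumed_sig(secret, f)
    f.update(tamper)
    return "http://www.myserver.com/mypath/myscript.cgi?" + urlencode(f)
```

Pass the real signature routine as make_sig once it is known; the validation order and the rejection of changed, missing or repeated parameters stay the same.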

Deleting the authok Page

To delete the URL (forcedweb page) to which a subscriber is automatically redirected when authentication is complete or to which a subscriber connects if authentication is off, use this command:

delete authok

For example, to delete the URL for subscriber access, type:

sms2000% delete authok

Authentication with RADIUS

Note: A RADIUS accounting server must be separately configured if RADIUS accounting is desired.

Adding a RADIUS Server

Use the auth add radius command to configure a RADIUS server as the authentication server for the current group. When a subscriber connects to the SMS2000, he is automatically redirected to a login page, which requires a user name and password. This information is sent to the configured RADIUS server. If the server approves, the subscriber is granted access, and accounting information is automatically sent to the RADIUS accounting server.

Beginning with the 2.3.6 release of SMS software, many RADIUS attributes and additional features have been added.

For example:

Add multiple RADIUS servers for fault-tolerance

Add Alias IP addresses for clustered RADIUS Servers

Configure retransmission, deadtime, and timeout timers

TUT Systems, Inc

Page 52 of 104

P/N 220-06288-20
