Compatible Systems A00-1869, Enterprise-8 manual Setting up Radius Authentication


Chapter 6 - Basic Configuration Guide


Setting up RADIUS Authentication

If you are using a RADIUS server for user authentication, you must set up the IntraPort Enterprise-8 to communicate with the RADIUS server and also set some special parameters in the RADIUS server itself.

Setting the IntraPort Enterprise-8 for a RADIUS Server

Just a few basic settings are required for the IntraPort Enterprise-8 to communicate with a RADIUS server:

Primary server IP address

Secret

VPN password attribute number

VPN group attribute number

CV: Use the RADIUS Configuration Dialog Box.

TB: Use the configure command and set the PrimAddress, Secret, VPNPassword and VPNGroupInfo keywords in the RADIUS section.

RADIUS Server User Authentication Settings

In order for client authentication and accounting to be done on a RADIUS server, the RADIUS server must be configured with four pieces of data for each user.

User name

Login password

Group configuration

Tunnel secret

The user name is kept in the User-Name attribute in the RADIUS server and the login password is kept in the Password attribute. The group configuration is kept in attribute number 77 of the RADIUS database, and the tunnel secret is kept in attribute number 69. These two attribute numbers must be configured in the RADIUS server’s dictionary file.

The RADIUS server will also log the real IP address of the client and the IP address assigned to the client by the IntraPort Enterprise-8 as it begins to account for the client. To use this feature, the two attribute numbers for these two IP address strings must also be configured in the RADIUS server’s dictionary file and in the RADIUS section of the IntraPort’s configuration.

The following is an example for a Livingston RADIUS server dictionary file:

ATTRIBUTE    Client-Real-IP        66    string
ATTRIBUTE    Client-Assigned-IP    67    string
ATTRIBUTE    VPN-Password          69    string
ATTRIBUTE    VPN-GroupInfo         77    string

The following is a sample RADIUS user database entry from a Livingston RADIUS server:

User-Name = corpauser

Password = "radiuslogin"

VPN-Password = "abc"

VPN-GroupInfo = "CorporateA"

After making and saving these changes, you must restart the RADIUS server in order for it to recognize the new settings.

Note: Refer to the user manual for your RADIUS server for the exact format of dictionary and user database entries.

Note: Although MacRADIUS servers offer a GUI, the custom attribute settings will require that you enter users in the Users text file. See the user manual for your server for more information on exporting, editing and importing the Users text file.

In addition to the RADIUS server settings, the user name, login password and tunnel secret must match the settings for each user in the User Properties window of the VPN Client. The group configuration must match one of the VPN group configurations in the IntraPort Enterprise-8’s configuration.
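The following check is an added example, not part of the manual or of any Compatible Systems software: it verifies that a dictionary file defines the four attributes with the numbers given above, and that every user entry carries all four required items and names a group that exists on the IntraPort. It assumes user entries are written as `Name = value` lines separated by blank lines, as in the sample above, and that the caller supplies the list of group names configured on the IntraPort; the function names and sample data are constructed for illustration.

```python
import re

# Names and numbers from the manual's Livingston dictionary example.
REQUIRED_ATTRS = {"Client-Real-IP": 66, "Client-Assigned-IP": 67,
                  "VPN-Password": 69, "VPN-GroupInfo": 77}
# The four per-user items the manual requires on the RADIUS server.
USER_FIELDS = ("User-Name", "Password", "VPN-Password", "VPN-GroupInfo")

def check_dictionary(text):
    """Return problems with the ATTRIBUTE lines the IntraPort depends on."""
    found = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) == 4 and parts[0] == "ATTRIBUTE" and parts[2].isdigit():
            found[parts[1]] = (int(parts[2]), parts[3])
    problems = []
    for name, number in REQUIRED_ATTRS.items():
        if name not in found:
            problems.append(f"{name}: not defined")
        elif found[name] != (number, "string"):
            got = found[name]
            problems.append(f"{name}: expected {number} string, got {got[0]} {got[1]}")
    return problems

def check_users(text, intraport_groups):
    """Return problems per user; entries are separated by blank lines."""
    problems = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = dict(re.findall(r'^\s*([\w-]+)\s*=\s*"?([^"\n]*)"?\s*$', block, re.M))
        user = entry.get("User-Name", "<unnamed>")
        for field in USER_FIELDS:
            if not entry.get(field):
                problems.append(f"{user}: {field} missing")
        group = entry.get("VPN-GroupInfo")
        if group and group not in intraport_groups:
            problems.append(f"{user}: group {group} not configured on the IntraPort")
    return problems

# Constructed sample input (not from a real server).
SAMPLE_DICTIONARY = ("ATTRIBUTE Client-Real-IP 66 string\n"
                     "ATTRIBUTE Client-Assigned-IP 67 string\n"
                     "ATTRIBUTE VPN-Password 69 string\n"
                     "ATTRIBUTE VPN-GroupInfo 76 string\n")  # 76: typo for 77
SAMPLE_USERS = ('User-Name = corpauser\nPassword = "radiuslogin"\n'
                'VPN-Password = "abc"\nVPN-GroupInfo = "CorporateA"\n\n'
                'User-Name = corpbuser\nPassword = "radiuslogin2"\n'
                'VPN-GroupInfo = "CorporateB"\n')
```

Run both checks before restarting the RADIUS server; an empty list from each means the file agrees with the settings described in this section.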
