ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER USER’S MANUAL

authent method radius

authent add server hostname_RADIUS_server <a password will be requested here>

config save

3.Verify that the desired Router modem port(s) on the Router is in client mode: Enter the command dialup iface status. For example

dialup modem0 status

On the resulting display, verify that the first word of the third line is “client.” Other values that might appear are “inactive,” “demand” and “demand_backoff.” If it does not say “client,” run config to set this interface to a client, or enter the following command:

dialup iface client

4. Turn on authentication within PPP using one set of the following commands.

pppiface lcp local auth pap config save

or

ppp iface lcp local auth chap config save

5.If necessary, add clients to the RADIUS database. On your RADIUS server, verify that the file /etc/raddb/clients (or /usr/private/etc/raddb/clients) has an entry for each client.

6.Test the configuration for a specific client. Use the authenticate test subcommand to verify that a client and its password are valid in the current Router configuration. On the Router, enter

authenticate test clientname

Provide the password when prompted.

D.2 SecurID Servers

SecurID is a security and authentication system that has two elements. Each user carries a card and also memorizes a password or Personal Identification Number (PIN). To log on, the user must type his or her name, and then enter a passcode consisting of the PIN followed by the number currently displayed on the card. The displayed number changes randomly once every minute. The SecurID server software is called the ACE (Access Control/Encryption) server.

The Router will interoperate with the SecurID authentication scheme over the modem interface only (at this time).

ACE server software and user cards must be purchased from Security Dynamics. For detailed information about how to install and configure the ACE server, contact Security Dynamics.

After the ACE software is installed, follow the next set of instructions to configure the ACE server and the Router to support the SecurID scheme.

106

Page 106
Image 106
Black Box LRA005A-R2, LRS002A-R2, LRA001A-R2 manual SecurID Servers, 106