Select Serial & Network: Authentication

Select the relevant Authentication Method

Check the Use Remote Groups button

9.1.7 Remote groups with RADIUS authentication

Enter the RADIUS Authentication and Authorization Server Address and Server Password

Click Apply.

Edit the RADIUS users file to include group information, and restart the RADIUS server.

When using RADIUS authentication, group names are provided to the console server using the Framed-Filter-Id attribute. This is a standard RADIUS attribute, and may be used by other devices that authenticate via RADIUS.

To interoperate with other devices using this field, the group names can be added to the end of any existing content in the attribute, in the following format:

:group_name=testgroup1,users:

The above example sets the remote user as a member of testgroup1 and users if groups with those names exist on the console server. Any groups which do not exist on the console server are ignored.

When setting the Framed-Filter-Id, the system may also remove the leading colon for an empty field. To work around this, add some dummy text to the start of the string. For example:

dummy:group_name=testgroup1,users:

If no group is specified for a user (for example, AmandaJones), the user will have no User Interface or serial port access, but will have limited console access.

Default groups available on the console server include ‘admin’ for administrator access and ‘users’ for general user access.

    TomFraser    Cleartext-Password := "FraTom70"
                 Framed-Filter-Id = ":group_name=admin:"

    AmandaJones  Cleartext-Password := "JonAma83"

    FredWhite    Cleartext-Password := "WhiFre62"
                 Framed-Filter-Id = ":group_name=testgroup1,users:"

    JanetLong    Cleartext-Password := "LonJan57"
                 Framed-Filter-Id = ":group_name=admin:"

Additional local groups such as testgroup1 can be added via Serial & Network: Users & Groups.
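The following is an added example, not part of the original manual or the vendor's code: a small audit script that reads a RADIUS users file and reports which local groups each user would end up in, so that unintended admin membership or users left with no group can be spotted before the server is restarted. It assumes the FreeRADIUS-style layout shown above, a constructed list of local groups, two hypothetical entries (PrefixUser, BareUser), and, inferred from the dummy-text workaround, that the group list must be enclosed in colons; the console server's own parsing may differ.

```python
import re

# Constructed sample: three entries from the page plus two hypothetical ones.
USERS_FILE = '''\
TomFraser    Cleartext-Password := "FraTom70"
             Framed-Filter-Id = ":group_name=admin:"
AmandaJones  Cleartext-Password := "JonAma83"
FredWhite    Cleartext-Password := "WhiFre62"
             Framed-Filter-Id = ":group_name=testgroup1,users:"
PrefixUser   Cleartext-Password := "example1"
             Framed-Filter-Id = "dummy:group_name=users,nosuchgroup:"
BareUser     Cleartext-Password := "example2"
             Framed-Filter-Id = "group_name=admin:"
'''
LOCAL_GROUPS = {"admin", "users", "testgroup1"}  # assumed to exist on the console server

# Assumption: the group list must sit between two colons, as in the page's format.
GROUP_RE = re.compile(r':group_name=([^:]*):')
FILTER_RE = re.compile(r'Framed-Filter-Id\s*:?=\s*"([^"]*)"')

def groups_from_filter_id(value):
    """Extract group names from a Framed-Filter-Id value; [] if none are encoded."""
    m = GROUP_RE.search(value or "")
    return [g.strip() for g in m.group(1).split(",") if g.strip()] if m else []

def parse_users(text):
    """Map each user name to its Framed-Filter-Id value (None when absent)."""
    users, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line starts a new entry
            current = line.split()[0]
            users[current] = None
        m = FILTER_RE.search(line)
        if m and current:
            users[current] = m.group(1)
    return users

def effective_groups(text, local_groups):
    """Per user: requested groups that exist locally (others are ignored)."""
    return {u: [g for g in groups_from_filter_id(v) if g in local_groups]
            for u, v in parse_users(text).items()}

if __name__ == "__main__":
    for user, groups in effective_groups(USERS_FILE, LOCAL_GROUPS).items():
        note = "" if groups else "  <- no groups: limited console access only"
        print(f"{user:12} {', '.join(groups) or '-'}{note}")
```

BareUser shows the stripped-leading-colon case described above: under the stated assumption the attribute carries no recognizable group list, so the user falls back to limited console access.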

9.1.8 Remote groups with LDAP authentication

Unlike RADIUS, LDAP has built-in support for group provisioning, which makes setting up remote groups easier. The console server retrieves a list of all the remote groups that the user is a direct member of, and compares their names with the local groups on the console server.

Note: Any spaces in the group name will be converted to underscores.

_____________________________________________________________________

724-746-5500 blackbox.com

Page 172
Black Box LES144BA, LES1332A Remote groups with Radius authentication, Remote groups with Ldap authentication, Network