Managing RADIUS

Optional Setup for RADIUS

You can use the commands in the following examples to configure additional security parameters for RADIUS servers. The commands in these examples define a RADIUS server accounting node, the maximum timeout period for RADIUS server reply, and the interval between retries of an authentication request.

The following command defines a RADIUS server accounting node:

LOCAL> CHANGE RADIUS REALM JONAS.COM ACCOUNTING HOST ip-addr

This command defines the maximum timeout for RADIUS server reply:

LOCAL> CHANGE RADIUS TIMEOUT seconds

This command defines how much time elapses before using an alternate server:

LOCAL> CHANGE RADIUS INTERVAL seconds

Setting the INTERVAL variable defines the time period (in seconds) that the system is to wait before repeating an authentication request to an alternate authentication server.

This command causes the realm name to be included as part of a user name sent to the RADIUS server:

Local> CHANGE RADIUS REALM JONAS.COM INCLUDE

Realm name inclusion is used for RADIUS proxy authentication service.

Reference

See the Network Access Server Command Reference for more information on these commands.

Example: Including the Realm Name

If your realm name has to be included when the access server sends messages to the RADIUS server, issue the command shown in the following example:

LOCAL> CHANGE RADIUS REALM JONAS.COM INCLUDE

In most cases, you will not want to include the realm name. If you do, each entry in the RADIUS server’s users file will have to appear as “user-name@realm-name” instead of simply “user-name”.
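The effect of INCLUDE on the name the RADIUS server has to match, as an added example (not code from this manual or from any RADIUS server). It assumes the user logs in as user-name@realm-name, that the realm is stripped unless INCLUDE is set, and that users-file entries are matched exactly; the function names and sample entries are constructed.

```python
# Added illustration; all names here are hypothetical, not access server code.
import struct

USER_NAME = 1  # RADIUS attribute type for User-Name (RFC 2865)


def user_name_sent(login: str, realm: str, include: bool) -> str:
    """Return the user name the access server would place in the request.

    Assumption: the login is user-name@realm-name and the realm part is
    stripped unless INCLUDE is set for that realm.
    """
    name, sep, login_realm = login.partition("@")
    if not sep or login_realm.upper() != realm.upper():
        return login  # no realm, or a different realm: pass through unchanged
    return login if include else name


def user_name_attribute(value: str) -> bytes:
    """Encode a User-Name attribute: type, length (header included), value."""
    data = value.encode("utf-8")
    if not 1 <= len(data) <= 253:
        raise ValueError("User-Name must be 1..253 octets")
    return struct.pack("!BB", USER_NAME, len(data) + 2) + data


def lookup(users_file: set, login: str, realm: str, include: bool) -> bool:
    """True if the name sent matches an entry in the constructed users file."""
    return user_name_sent(login, realm, include) in users_file


# Constructed users-file entries in the two styles described above.
BARE_ENTRIES = {"smith", "jones"}
REALM_ENTRIES = {"smith@JONAS.COM", "jones@JONAS.COM"}

if __name__ == "__main__":
    login, realm = "smith@JONAS.COM", "JONAS.COM"
    for include in (False, True):
        sent = user_name_sent(login, realm, include)
        print("INCLUDE" if include else "default", sent,
              user_name_attribute(sent).hex(),
              "bare entries match:", lookup(BARE_ENTRIES, login, realm, include),
              "realm entries match:", lookup(REALM_ENTRIES, login, realm, include))
```

A users file written in one style rejects every request sent in the other, so change the INCLUDE setting and the users file entries together.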

If a user has to be called back, this value is derived from User-Service-Type when specified. If it is not specified, then realm defaults/port defaults can apply:
