Managing RADIUS

Example: Defining Realm Default Authorization Attributes

LOCAL> CHANGE RADIUS REALM JONAS.COM PERMISSIONS (DIALBACK)

LOCAL> CHANGE RADIUS REALM JONAS.COM CALLBACK ENABLED DIALBACK NUMBER "1-800-555-1111"

Example: Defining Password Authentication Type

LOCAL> CHANGE RADIUS REALM JONAS.COM ACCESS FRAMED

Note

The value NONE should be read as unspecified. This allows the port configuration to determine the access whenever the RADIUS server’s user entry does not specify one or more authorization attributes.

RADIUS User Authorizations

The ultimate value for an authorization attribute may come from one of three sources: the RADIUS server, the realm defaults, or port characteristics, in that order of precedence. The choices for such features are:

1. For each RADIUS realm name you define, you can set various authorization attributes for that realm. These values serve as defaults at the realm level. This means that when a RADIUS user tries to log in to the access server, these values will be assigned to authorization attributes if the user entry in the RADIUS server’s users file does not assign a value for the corresponding attribute. If the user does not provide the attribute default in the realm, and the corresponding attribute is not provided in the RADIUS server’s users file, then the access server’s port characteristics are used if they have been previously defined.

2. One of the legal settings of the attributes in the realm is NONE. This special value means unspecified. In this case, when a user attempts to log in, if the value is not specified in the RADIUS server’s entry for the user name, and the attribute has the value NONE in the REALM, then the PORT configuration parameter assigns the corresponding value.

The resulting value may still be unspecified, if the corresponding port characteristic is unspecified or does not exist. Only a portion of the RADIUS authorization attributes have a corresponding realm default or corresponding port attribute.
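
The precedence rule above can be modeled to audit which source ends up deciding each attribute for a user. This is an added example, not code from the access server or its documentation; the dictionary layout, the function names, and all sample values are constructed, and treating NONE as unspecified in every tier is an assumption.

```python
# Added example: models the precedence described above
# (RADIUS server, then realm defaults, then port characteristics).
# Attribute names follow the page's commands; values are constructed samples.
UNSPECIFIED = "NONE"  # per the page, NONE should be read as unspecified
TIERS = ("radius-server", "realm-default", "port")  # order of precedence


def _specified(value):
    """A tier supplies a value only if the attribute is present and not NONE.
    Assumption: NONE is treated as unspecified in every tier, not only the realm."""
    return value is not None and str(value).upper() != UNSPECIFIED


def resolve(attr, server_entry, realm_defaults, port_chars):
    """Return (value, source) for one attribute, or (None, 'unspecified')."""
    for source, table in zip(TIERS, (server_entry, realm_defaults, port_chars)):
        value = table.get(attr)  # a missing key models "does not exist"
        if _specified(value):
            return value, source
    return None, "unspecified"


def effective_authorizations(server_entry, realm_defaults, port_chars):
    """Resolve every attribute named in any tier."""
    attrs = sorted(set(server_entry) | set(realm_defaults) | set(port_chars))
    return {a: resolve(a, server_entry, realm_defaults, port_chars) for a in attrs}


def fallthrough(effective):
    """Attributes the RADIUS server's user entry did not decide.
    These are the ones a review of realm and port settings should cover."""
    return sorted(a for a, (_, src) in effective.items() if src != "radius-server")


# Constructed sample configuration.
REALM = {"ACCESS": "NONE", "PERMISSIONS": "DIALBACK", "CALLBACK": "NONE"}
PORT = {"ACCESS": "LOCAL"}  # no CALLBACK or PERMISSIONS characteristic defined

if __name__ == "__main__":
    for user, entry in (("alice", {"ACCESS": "FRAMED"}), ("bob", {})):
        eff = effective_authorizations(entry, REALM, PORT)
        print(user, eff, "not set by server:", fallthrough(eff))
```

For the user entry with no attributes, ACCESS falls through the realm's NONE to the port value, PERMISSIONS comes from the realm default, and CALLBACK stays unspecified because neither the realm nor the port supplies it.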

Managing Access Server Security 22-15