RuggedRouter™ User Guide

Appendix E – Radius Server Configuration

This section describes how to configure popular RADIUS servers to supply a Vendor-Specific field, “privilege-level”, which Webmin uses to assign specific capabilities to Webmin users on a per-user basis. Currently, the only privilege-level is that of “root”, but RuggedCom will be introducing additional levels in upcoming releases.

FreeRadius

The following steps add Vendor-Specific attributes to the freeradius radius server.

1. Locate your dictionary file (usually in /usr/share/freeradius/).

2. In your dictionary directory, open the file “dictionary” and add the line “$INCLUDE dictionary.ruggedcom” to the end of it.

3. Create a file “dictionary.ruggedcom” under the dictionary directory containing:

# -*- text -*-
#
# The RuggedCom Vendor-Specific dictionary.
#
# Version: $Id: dictionary.RuggedCom,v 1.3.4.1 2005/11/30 22:17:24 aland Exp $
#
# For a complete list of Private Enterprise Codes, see:
#
# http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers
#
VENDOR          RuggedCom                       15004

BEGIN-VENDOR    RuggedCom

ATTRIBUTE       RuggedCom-Privilege-level       2       string

END-VENDOR      RuggedCom

4. Users are assigned by adding lines to the file /etc/freeradius/user. Note that currently, the only privilege-level is that of “root”. For example, to add a user “john” with a password of “test”, add the following lines:

john    Auth-Type := Local, User-Password == "test"
        RuggedCom-Privilege-level = "root"

5. Restart your freeradius server.
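
The following added example (not RuggedCom or FreeRADIUS code) shows how the dictionary entries from step 3 map onto the bytes of a RADIUS Vendor-Specific attribute, and how a receiver can extract the privilege level while rejecting anything malformed or unknown. It assumes the recommended sub-attribute layout of RFC 2865 section 5.26 (one-byte vendor type, one-byte vendor length); the function names and the fail-closed check are hypothetical, not a description of how Webmin processes the reply.

```python
import struct

# Dictionary lines from step 3 (whitespace-separated columns).
DICTIONARY = """\
VENDOR          RuggedCom                   15004
BEGIN-VENDOR    RuggedCom
ATTRIBUTE       RuggedCom-Privilege-level   2   string
END-VENDOR      RuggedCom
"""

VENDOR_SPECIFIC = 26      # RADIUS attribute type, RFC 2865 section 5.26
KNOWN_LEVELS = {"root"}   # the only level the guide defines


def parse_dictionary(text):
    """Return (vendor_id, {attribute_name: number}) from dictionary lines."""
    vendor_id, attrs = None, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if not fields:
            continue
        if fields[0] == "VENDOR":
            vendor_id = int(fields[2])
        elif fields[0] == "ATTRIBUTE":
            attrs[fields[1]] = int(fields[2])
    return vendor_id, attrs


def encode_vsa(vendor_id, vendor_type, value):
    """Build one attribute: type, length, vendor-id, then the sub-TLV."""
    data = value.encode("utf-8")
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub


def privilege_level(attr_bytes, vendor_id, vendor_type):
    """Return the privilege level, or None unless well-formed and known."""
    if len(attr_bytes) < 8:
        return None
    a_type, a_len, vid = struct.unpack("!BBI", attr_bytes[:6])
    if a_type != VENDOR_SPECIFIC or a_len != len(attr_bytes) or vid != vendor_id:
        return None
    v_type, v_len = attr_bytes[6], attr_bytes[7]
    if v_type != vendor_type or v_len != len(attr_bytes) - 6:
        return None
    level = attr_bytes[8:].decode("utf-8", errors="replace")
    return level if level in KNOWN_LEVELS else None   # fail closed
```

For the user entry in step 4, the encoded attribute is the 12 bytes 1a 0c 00 00 3a 9c 02 06 72 6f 6f 74, which is what to look for in a packet capture of the Access-Accept when checking the server configuration.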

Windows Internet Authentication Service

The following steps configure your IAS server.

1. Create a group for each privilege level. For example, if the privilege level is root, you can create a group called Radius_RuggedRouter_root. Add the users who have this privilege level to this group.

2. Use the New Remote Access Policy Wizard to create a custom policy with the following settings:

Conditions:

NAS-Identifier matches with webmin

Windows-Group matches with the group the user belongs to
