Appendix E Radius Server Configuration | RuggedCom RX1000, RX1100

RuggedRouter™ User Guide

Appendix E – Radius Server Configuration

This section describes how to configure popular radius servers to supply a Vendor- Specific field, “privilege-level”, which is used by Webmin to assign assign specific capabilities to Webmin users on a per user basis. Currently, the only privilege-level is that of “root”, but RuggedCom will be introducing additional levels in upcoming releases.

FreeRadius

The following steps to add Vendor-Specific attributes to the freeradius radius server.

1.Locate your dictionary file (usually in /usr/share/freeradius/).

2.In your dictionary directory, open the file “dictionary” add the line “$INCLUDE dictionary.ruggedcom” to the end of it

3.Create a file “dictionary.ruggedcom” under the dictionary directory containing:

#-*- text -*-

#The RuggedCom Vendor-Specific dictionary.

#Version: $Id: dictionary.RuggedCom,v 1.3.4.1 2005/11/30 22:17:24 aland Exp $

#For a complete list of Private Enterprise Codes, see:

#

#http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers

VENDOR	RuggedCom	15004
BEGIN-VENDOR	RuggedCom
ATTRIBUTE	RuggedCom-Privilege-level		2 string

END-VENDOR RuggedCom

4.Users are assigned by adding lines to the file /etc/freeradius/user. Note that currently, the only privilege-level is that of “root”. For example to assign a

user “john” with a password of “test”, add the following line:

john Auth-Type := Local, User-Password == "test"

4.RuggedCom-Privilege-level = "root"

5.Restart your freeradius server.

Windows Internet Authentication Service

The following steps to configure your IAS server.

1.Create groups used for different privilege level, for example, if the privilege level is root, you can create a group called Radius_RuggedRouter_root. Add the users having this privilege level to this group.

2.Use the New Remote Access Policy Wizard to create a custom policy with the following settings:

Conditions:

NAS-Identifier matches with webmin

Windows-Group matches with the group the user belongs to

274

RuggedCom

Image 276

RuggedCom RX1000, RX1100 manual Appendix E Radius Server Configuration, FreeRadius, Windows Internet Authentication Service

Contents

RuggedRouter Ruggedrouter User Guide How To Use This User Guide About this User GuideApplicable Firmware Revision Who Should Use This User Guide Document Conventions Quick Start Recommendations Basic Web Based Configuration Additional Configuration About this User Guide Table Of Contents Table Of Contents RuggedRouter User Guide 100 114 144 Page Table Of Contents Page 241 Page RuggedRouter Setup Main Menu Table Of Figures Scheduled Commands Displaying a Command T1/E1 Network Interfaces After Interface Creation Adsl Link Statistics Show Public Key Link Backup Status 162 Raw Socket Menu IRIGB/IEEE1588 General Configuration menu 230 255 IAS Window Edit Profile 282 Setting Up And Administering The Router Access MethodsAccounts And Password Management Default Configuration Accessing The RuggedRouter Command Prompt RuggedRouter Setup ShellConfiguring Passwords From the Console Port Configuring IP Address Information Setting The HostnameConfiguring Radius Authentication Radius Server Configuration menu Enabling And Disabling The SSH and Web Server Configuring The Date, Time And Timezone Enabling And Disabling The Gauntlet Security Appliance Displaying Hardware Information RuggedRouter Hardware Information Menu Restoring a Configuration Selecting a configuration to reload Using a Web Browser to Access the Web Interface RuggedRouter Web InterfaceSSL Certificate Warnings Structure of the Web Interface RuggedRouter Web Interface Main Menu Window Using The LED Status Panel LED Status Panel Obtaining Chassis Information LED Name Description Webmin Configuration Webmin Configuration MenuIP Access Control Ports And Addresses Change Help Server Webmin Configuration Menu, Logging Logging Authentication Webmin Configuration Menu, Authentication Webmin Events Log Webmin Events Log This page intentionally blank Configuring The System Bootup And Shutdown Change Password Command Scheduled Commands Scheduled Commands Displaying a Command Scheduled Cron Jobs Webmin Scheduled Cron Jobs System Hostname System Time Configuring Networking Network Configuration Core Settings Dummy Interface Default Route Table Configured Static RoutesRouting And Gateways Manually Entered Static Routes Static Multicast Routing Static Multicast Routing End To End Backup DNS ClientHost Addresses Page Configuring End To End Backup Current Routing & Interface Table Configuring Ethernet Interfaces Ethernet Interface FundamentalsVlan Interface Fundamentals LED Designations PPPoE On Native Ethernet Interfaces Fundamentals RuggedRouter Functions Supporting VLANs Ethernet Ethernet Interfaces Editing Currently Active Interfaces Editing a Network Interface Edit Boot Time Interfaces Virtual InterfacesVirtual Lan Interfaces PPPoE On Native Ethernet Interfaces List PPPoE Interfaces Edit PPPoE Interface Editing a PPPoE Interface PPP Logs Current Routes & Interface Table Configuring Frame Relay/PPP And T1/E1 T1/E1 FundamentalsFrame Relay T1/E1 Location Of Interfaces And LabelingIncluded With T1E1 T1/E1 Network Interfaces Strategy For Creating Interfaces Editing a T1/E1 Interface Naming Of Logical Interfaces T1 Settings E1 Settings Editing a Logical Interface Frame Relay Frame Relay Link Parameters Editing a Logical Interface PPP Frame Relay DLCIs T1/E1 Statistics Link Statistics Frame Relay Interface Statistics Frame Relay Statistics PPP Interface Statistics PPP Link Statistics T1/E1 Loopback T1/E1 Loopback Menu Upgrading Software Upgrading Firmware Configuring Frame Relay/PPP And T3 T3 Fundamentals T3 Configuration T3 Network Interfaces Editing a T3 Interface Edit T3 Interface T3 Statistics Upgrading Software Page Configuring Frame Relay/PPP DDS Fundamentals DDS Configuration DDS Network Interfaces Edit Logical Interface Frame Relay, single Dlci DDS Statistics DDS Link Statistics DDS Loopback Frame Relay And PPP Interface StatisticsPage Configuring PPPoE/Bridged Mode On PPPoE/Bridged Mode FundamentalsAdsl Fundamentals Authentication, Addresses and DNS Servers PPPoE MTU IssuesBridged Mode Adsl Configuration Adsl Network InterfacesEditing a Logical Interface PPPoE Editing a Logical Interface Bridged Edit Logical Interface Bridged Adsl Statistics Adsl Link Statistics Current Routes & Interface Table Configuring PPP and Modem PPP Mode FundamentalsWhen the Modem Connects Modem Fundamentals Modem Configuration Modem Main Menu Blind dial Modem PPP Client Connections Modem PPP Client Modem PPP Server Modem Incoming Call Logs Modem PPP Logs PPP Logs Modem PPP Connection Logs PPP Connection LogsPage Configuring The Firewall Firewall FundamentalsStateless vs Stateful Firewalls Linux netfilter, iptables And The Shoreline Firewall Network Address Translation Shorewall Quick Setup Port Forwarding ShoreWall Terminology And Concepts ZonesInterfaces Hosts Policy Masquerading And Snat Interface Subnet Address Protocol Ports Rules Reject Configuring The Firewall And VPN Route Based Virtual Private Networking Policy Based Virtual Private Networking Virtual Private Networking To a DMZ Firewall Main Menu Starting Shorewall Firewall Menu Shorewall Firewall Menu Network Zones Network Interfaces Editing a Firewall Network Interfaces Network Zone Hosts Firewall Zone Hosts Default Policies Masquerading Firewall Rules Editing a Masquerading Rule Static NAT Static NAT Actions When Stopped Creating a Static NAT EntryPage Page Configuring An IPsec VPN VPN FundamentalsIPsec Modes Policy Vs Route Based VPNs Supported Encryption Protocols Public Key And Pre-shared Keys Other Configuration Supporting IPSec X509 CertificatesNAT Traversal Openswan Configuration Process VPN Main Menu Before Key GenerationVPN Main Menu IPsec and Router InterfacesPage Server Configuration IPsec VPN Configuration After Connections Have Been Created Public Key Preshared Keys List Certificates VPN ConnectionsIPsec VPN Connection Details Page Left/Right Systems Settings Export Configuration Showing IPsec Status IPsec Status IPSec X.509 Roaming Client Example Select a Certificate Authority VPN Networking Parameters Client Configuration Router IPSec ConfigurationGenerate X.509 Certificates Firewall IPSec Configuration Ethernet Port ConfigurationPage Configuring Dynamic Routing Quagga, RIP and OspfRIP Fundamentals Ospf Fundamentals Key Ospf And RIP ParametersLink State Advertisements Network Areas Active/Passive Interface Default Router-IDHello Interval and Dead Interval Redistributing Routes Configuring Ospf Link Costs Ospf AuthenticationRIP Authentication Link Detect Administrative Distances Ospf And Vrrp Example Network Area And SubnetsVrrp Operation Enable Protocols Dynamic Routing Core Core Global ParametersCore Interface Parameters View Core Configuration Ospf Ospf Global ParametersPage Ospf Interfaces Ospf Interfaces View Ospf Configuration Ospf Network AreasOspf Status RIP Global Parameters RIP Global Parameters RIP Interfaces RIP Key Chains RIP Networks RIP Networks View RIP Configuration RIP StatusPage Configuring Link Backup Link Backup FundamentalsPath Failure Discovery Link Backup Main Menu Link Backup ConfigurationUse Of Routing Protocols And The Default Route Edit Link Backup Configuration Link Backup Logs Link Backup StatusTest Link Backup Page Page Configuring Vrrp Problem With Static RoutingVrrp Solution Vrrp Fundamentals Vrrp Example Page Vrrp Configuration Vrrp Main Menu Editing a Vrrp Instance Vrrp Instance Viewing Vrrp Instances Status Vrrp Instances Status Configuring Traffic Prioritization Traffic Prioritization FundamentalsPriority Queues Filters TOS Prioritization Included With Traffic Prioritization Prioritization Example Traffic Prioritization Main Menu Interface Prioritization Menu Prioritization Queues Prioritization FiltersPrioritization Transmit Queue Length Prioritization Statistics Prioritization Statistics Configuring Generic Routing Encapsulation GRE Fundamentals GRE Configuration Menu GRE Main MenuPage Network Utilities Network Utilities Main Menu Ping Menu Traceroute Menu Host Menu Trace MenuTcpdump a Network Interface Frame Relay Link Layer Trace a WAN Interface Serial Trace a Serial Server Port Interface Statistics Menu Interface Statistics Menu Current Routing & Interface Table Current Routing & Interface Table Interface Status Page Configuring Serial Protocols Serial IP Port Features Serial Protocols Applications Character EncapsulationRTU Polling Broadcast RTU Polling Serial Protocols Concepts And Issues Host And Remote RolesUse Of Port Redirectors Message Packetization Use of Turnaround Delays Serial Protocols Main Menu Port Settings Menu Assign Protocols MenuRawSocket Menu Page Protocol Specific Packet Error Statistics Serial Protocols Statistics Menu Serial Protocols Trace Menu Serial Protocols Trace Menu Serial Protocols Sertrace Utility Is providedPage Configuring Goose Tunnels IEC61850 Goose FundamentalsLayer 2 Tunnel Daemon Details Layer 2 Tunnels Main Menu Layer 2 Tunnels Main Menu General Configuration Menu Goose Tunnels Menu Goose Statistics Menu Activity Trace MenuPage Page Configuring The Dhcp server Dhcp FundamentalsDhcp Network Organizations Dhcp Client OptionsPage Option 82 Support with Disable NAK Example Dhcp Scenarios And Configurations Single Network With Option82 Clients On One SwitchSingle Network With Dynamic IP Assignment Single Network With Static IP AssignmentPage Page Dhcp Server Main Menu Dhcp Server Menu Dhcp Shared Network Configuration Dhcp Shared Network Configuration Dhcp Subnet Configuration Dhcp Subnet Configuration Dhcp Group Configuration Dhcp Host Configuration Dhcp Pool Configuration Dhcp Pool Configuration Configuring NTP NTP Fundamentals NTP Sanity Limit NTP And The Precision Time Protocol CardIncluded With NTP NTP Server Main Menu Generic Options Servers Configuration Peers Configuration Viewing The NTP Status Viewing The NTP Log Viewing The GPS Status Viewing The GPS Log Configuring SSH SSH FundamentalsIncluded With SSH SSH Main Menu SSH Server Access Control NetworkingPage Configuring Irigb And IEEE1588 IEEE1588 FundamentalsPTP Network Roles PTP Master Election Irigb Fundamentals Synchronizing NTP from IEEE1588Irigb Output Formats GPS Cable compensation Reference ClocksHow The Router Selects a Reference Clock General Configuration IRIGB/IEEE1588 Main Menu Irigb Configuration IEEE1588 Configuration Irigb Status IEEE1588 Status Irigb Log Page Configuring The Snort IDS Snort FundamentalsWhich Interfaces To Monitor Snort Rules Global Configuration Snort IDS Main MenuPerformance And Resources Network Settings RulesetsRule Lookup by SID PreProcessors Alerts & Logging Edit Config File Maintaining The Router Alert SystemAlert Menu Alert Configuration Alert Configuration Menu Alert Filter Configuration Alert Definition Configuration Change Alert Definition Page Gauntlet Security What And How Gauntlet ProtectsGauntlet And The Firewall Gauntlet Status Menu Upgrading Gauntlet Backup And Restore System Backup And Restore General Configuration Setup Archive Backup Archive History Archive Restore Archive Difference Tool Archive Differences List Snmp Configuration Show Difference for selected file between two targets Snmp Configuration Main Menu System ConfigurationNetwork Addressing Configuration Access Control page, Snmp V1 and V2c 250 RuggedCom Trap Configuration Trap Configuration page, Trap Options MIB Support RuggedRouter supports the following MIBs Radius Authentication Radius Authentication Configuration Edit Radius Server Parameters Outgoing Mail Chassis Parameters Parameter Description Syslog Factory Defaults System Logs Remote Logging Changing a Syslog entry to remote log Upgrade System RuggedRouter Software Fundamentals When a Software Upgrade Requires a Reboot Automatic Upgrade Upgrade to RX1100 Change Repository Server Automatic Upgrading Upgrading All Packages Installing a New Package Pre-upgrade/Post-upgrade scripts Uploading And Downloading Files Upload/Download menu Security Considerations Security ActionsPage Appendix a Setting Up a Repository Initial Repository SetupRepository Server Requirements Setting Up The Routers Upgrading The RepositoryAn Alternate Approach Upgrading Considerations Appendix B Downgrading Router Software Appendix C Installing Apache Web Server On Windows Apache Default WebPage Appendix D Installing IIS Web Server On Windows Installing IIS Appendix E Radius Server Configuration Windows Internet Authentication ServiceFreeRadius Edit Profile window, Click Add... button 276 RuggedCom RuggedCom 277 Index Dhcp Goose NTP SSH Vrrp