Page 282 SonicWALL Internet Security Appliance Administrator’s Guide
ACS Server (Cisco)The ACS server, version 2.6, from Cisco does not support the configuration of vendor-specific
privileges. Therefore, if a ACS Server is deployed, user privi leges cannot be co nfigured on the se rver.
The ACS server can still be used for authentication if the RADIUS users are configured globally on
the SonicWALL to have the same pr ivi lege s. Also , t he AC S ser v er su ppo r ts C HAP, so it ca n be us ed
if HTTPS is not available when logging into the SonicWALL management interface.
Internet Authentication Service (Windows NT/2000 Server)The RADIUS server used on Microsoft Windows NT and Windows 2000 servers is known as the
Internet Authentication Ser vic e (IA S). The R ADIU S attr ib utes are c onfi gu red usin g pol ic ies, and d oes
not support pre-configuration of vendor-specific attributes. The RADIUS attributes are entered
manually into the se r v ic e by using the following ins t r uc tions:
1. Open IAS, and selec t Remote Access Policies.
2. Select the policy to be configured for user privileges, and right click. Select Properties from the
list.
3. Click Edit Profile, and then click Advanced. Click Add.
4. Select Vendor-Spe cific from the list, and click Add. The Multivalued Attribute Information box
appears.
5. Click Add. The Vendor-Spe ci fi c Att ribu t e Inf orm a ti on box appears.
6. Click Enter Vendor Code, and enter 8741 as the vendor code.
7. Click Yes, It conform s, and then click Configure Attribute. The Configure VSA (RFC compliant)
window appears.
8. Enter 1 as the Vendor-assigned attribute number.
9. Select Decimal as the Attribute format.
10. Enter one of the following values as the Attribute value. Each value defines a privilege for users
within the policy.
1 - Remote Access
2 - Bypass Filte rs
3 - Access from VPN Client
4 - Access to VPN s
11. Click OK, and then OK again to return to the Multivalued Attribute Information window.
Repeat Steps 5 through 11 for each privilege configured for a policy.
For further information, refer to “To co nfigure vendor-specific attributes for a remote access policy”
in the IAS help file.
With IAS, the use r database is located on t he domain controller. Th erefore, IAS only suppor ts CHAP
with RADIUS if the domain controller is configured to store passwords using reversible encryption
for all users. If the domain controller is not configured in this manner, it is necessary to use HTTPS
to log into the SonicWALL management interface.