Authentication

SMS2000 can substitute subscriber information for replaceable parameters in the URL. For example, here the set authok command is shown using the secret as well as the blockall parameters, and a URL with parameters embedded in it which are handled during the redirect.

sms2000% set authok

http://www.myserver.com/mypath/myscript.cgi?port=$port&host=$host& mac=$mac&group=$group&origurl=$origurl&seq=$seq&sig=$sig secret mysecret blockall

Note: This can be used in conjunction with an OCS to create a free service at slower speeds, selling higher speed services through the SMS2000.

Deleting the authok Page

To delete the URL (forcedweb page) to which a subscriber is automatically redirected when authentication is complete or to which a subscriber connects if authentication is off, use this command:

delete authok

For example, To delete the URL for subscriber access, type:

sms2000% delete authok

Authentication with RADIUS

Note: A RADIUS accounting server must be separately configured if RADIUS accounting is desired.

Adding a RADIUS Server

Use the auth add radius command to configure a RADIUS server as the authentication server for the current group. When a subscriber connects to the SMS2000, he is automatically redirected to a login page, which requires a user name and password. This information is sent to the configured RADIUS server. If the server approves, the subscriber is granted access, and accounting information is automatically sent to the RADIUS accounting server.

Beginning with the 2.3.6 release of SMS software, many RADIUS attributes and additional features have been added.

For example:

Add multiple RADIUS servers for fault-tolerance

Add Alias IP addresses for clustered RADIUS Servers

Configure retransmission, deadtime, and timeout timers

TUT Systems, Inc

Page 52 of 104

P/N 220-06288-20

Page 52
Image 52
Tut Systems SMS2000 manual Authentication with Radius, Deleting the authok, Adding a Radius Server, Delete authok