Using Both Radius and OCS Authentication | Tut Systems SMS2000

Using SMS with RADIUS Server

RADIUS Attributes Sent In Access-

Request Packets

The SMS2000 sends the following attributes in Access-Request packets. The RADIUS server may choose to ignore any or all of these. The RADIUS server may make its access response based on any or all of these.

User-Name(1)

User-Password(2)

NAS-IP-Address(4)

NAS-Identifier(32)

NAS-Port(5)

Service-Type(6)

Framed-Protocol(7)

Tut:Mac-Address(1748:3)

NAS-Port-Type(61)

Tut :Client-IP-Address(1748 :5)

Framed-IP-Address(8)

RADIUS Attributes Received in Access- Accept Packets

See Appendix A, “Radius Access-Accept Dictionary File” for an example of how the SMS2000 uses the attributes defined in a dictionary file.

Using Both RADIUS and OCS

Authentication

Because the OCS in some ways manages the SMS2000, there can be only one OCS server configured on the SMS2000, and it must be for the default group. However, a RADIUS authentication server can be added to any group, and the OCS may be on or off for various groups.

To configure both RADIUS and the OCS on one SMS2000, enter the following commands:

sms2000% auth off

sms2000% group add radgroup sms2000% group *

Active group is now “*”

sms2000% auth add web http://web_ip/pp/welcome.php3 secret web_secret cmd-serv

sms2000% acct add radius radius_ip secret radius_secret sms2000% group radgroup

Active group is now “radgroup.”

sms2000% auth add radius radius_ip secret radius_secret sms2000% acct add radius radius_ip secret radius_secret sms2000% set rule israd 1 rule_expression

Note: If your OCS is configured, you need not turn authentication off. Simply use group add radgroup noinherit to prevent the new group from inheriting the OCS server configuration.

TUT Systems, Inc

Page 81 of 104

P/N 220-06288-20

Image 81

Tut Systems SMS2000 manual Using Both Radius and OCS Authentication, Radius Attributes Sent In Access Request Packets

Contents

TUT Systems SMS2000 User Guide SMS2000 User’s Guide SMSUser’s Guide Contents Configuring NTP Configuring SmtpConfiguring Snmp Polling Connectivity and Testing Authentication Authentication Configuring the Command ServerAuthentication with Radius Authorization Configuring Radius Using Rule PrioritiesGroups SMS2000 Rules Web Proxy Settings Using Both Radius and OCS AuthenticationSMS2000 Troubleshooting Procedures SMS2000 Status Attributes and Statistics Radius Attributes in Access-Accept Packets List of TablesList of Figures Audience PrefaceDocumentation available for this Release Related Documentation Introduction Subscriber Management Features Introduction Subscriber Management Components Subscriber Management Components OCS SMS2000 Introduction User Interface Getting Started For example restore config web original-confi g Accessing Help for CommandsIfconfig portnumber ipaddress /masklen Style Conventions Cursor Motion Keystrokes Cursor Movement Click Configure Initial ConfigurationEstablishing a Connection with the SMS2000 Establishing a Connection Via a Serial Interface Establishing a Connection Via Telnet Initial Configuration Initial Configuration Changing Your PasswordSetting the Quick Configuration Setting the Hostname Disabling AuthenticationSaving the Configuration Rebooting the System Verifying the ConfigurationReboot Configuration E-Mail Settings System AdministrationSetting the Default Configuration E-mail Set config-mailrecipient@SMTPserver SMTPserver Mailing the Current Configuration Configuration and System File ToolsDeleting the Configuration E-mail Committing Configuration Changes Disabling Automatic Configuration Changes Automatically Committing Configuration ChangesCommit auto Commit noauto Saving a Configuration Loading a Configuration FileRestoring a Previous Configuration Restoring the Default Configuration Configuring SmtpSetting the Smtp Server Deleting the Smtp Server Setting the Smtp ID Configuring NTPSetting the Timezone Set smtpid on off Configuring the NTP server Configuring Snmp PollingSetting the Time Enabling Snmp Polling Testing to See if Snmp Polling will Work Disabling Snmp PollingSnmp-pollmacaddress Testing Connectivity Connectivity and TestingSetting Specialized System Options System Tools Defining Ports Setting and Deleting Static PortsLeftrighthelp ? Port-definition mixed tut vlan Setting the Syslog Server Disconnecting a Session on a PortEvent Tracking Displaying Log Messages System Administration Tools Displaying Version InformationExiting the Management Session Displaying Control Keys Changing a PasswordPasswd Keys Snmp Agent Snmp ManagementSnmp System Contact Snmp System Location Snmp Trap Recipient Snmp Community System Information Tools Troubleshooting ToolsSMS2000% snmp delete trap-recipient Show snmp trap-recipient Upgrades Subscriber Connectivity CommandsSetting the ARP Failure Limit Setting the ARP Polling Period Archiving SMS2000 Firmware and distributing it from a Server Upgrading from Tut Systems’ Website Verifying a Successful Upgrade Returning to an Older Firmware VersionLoading Another Image System Administration Authentication Authentication Setting the Command Server for OCS Interaction Configuring the Command ServerDeleting the Command Server Adding the OCS as the Authentication Server Testing Authentication Deleting an Authentication ServerAuth add web url secret secret cmd-serv Auth on Bypassing Authentication Setting the Authentication IntervalAuth off forcedweb authokurl blockall Auth interval minutes off Http Request Throttle Setting the Http Request ThrottleAllow-Nets Deleting the Http Request Throttle Set allow-netipaddress netmask dns-name Setting an Allow-Net Automatic Redirection URLs Setting the Automatic Redirection URLDeleting an Allow-Net Set authok url Deleting the authok Authentication with RadiusAdding a Radius Server Delete authok Syntax Description Command Default Default retrans-primary-only isUsage Guidelines Example Set NAS port type parameter Set nas-port-type integerSet nas-port-type Configuring a Radius SSL Back Channel Testing Authentication on the Radius ServerShow status radius Show status radius Example Authorization AuthorizationAuthorization Server Functionality Accounting AccountingSending Accounting Messages to a Syslog Server Configuring Accounting Parameters Radius Accounting ConfigurationSending Accounting Messages to a Radius Server Deleting a Radius Accounting Server Provisioning Provisioning Billing Billing Groups Service Creation Using Groups and RulesAdding a Group Group add groupname noinherit inherit groupname Subscribers that Cannot Support Authentication Setting the Active Group ContextSetting Maximum Users Per Port Deleting a Group Adding a Rule SMS2000 RulesDeleting a Rule Set rule rulename groupname priority rulestring IP Address Rule Expression ComponentsMAC Address Ip=ipaddress ,netmask Not Operator Vlan=vlanida-vlanidbTut=ipaddress-linenum*-portnum Or Operator OperatorParenthesis Expression and expression Using Rule Priorities IP Addressing IP AddressingPlug and Play With NAT Dhcp Pools Static Routable Addresses IP Multicasting Static Non-Routable Addresses Configuring IP Types Iptype default NAT static Dhcp 1to1 1to1UniqueUnderstanding 1to1 and 1to1 Unique IP Types Deleting a Configured Source-Net Setting a Source-NetSource-Nets Set source-netstartaddress endaddress subnet-mask Creating Dhcp Pools Setting the DNS Server AddressRemoving a Dhcp Assignment Dhcp-server release macaddress Deleting the DNS Server Address Static RoutesAdding Routes Set dns add ipaddress Setting up the LPR Host PrintingSet lpr hostname off queuename maxpages maxbytes Using SMS2000 with a Radius Server Configuring RadiusObtaining the Radius Server Software Configuring Service Parameters Adding the SMS2000 as a Client on the Radius ServerAdding Users to the Radius Server Radius Ports Using Real IP Addresses SMS2000 Status Attributes and Statistics SMS2000 NAS FileRadius Attributes Sent in Accounting Messages Using Both Radius and OCS Authentication Radius Attributes Sent In Access Request PacketsRadius Attributes Received in Access- Accept Packets Deleting Traffic Shaping Setting Traffic ShapingShape xbps/rbps Shape xbps/rbps delete SMS2000 and Property Management Systems PMS Setting the PMS Server TTY ACK-NAK ENQ-ACK-NAK Protocol Modes ENQ-ACK-NAK Mode Loading and Deleting Customized Web Pages Customizing SMS2000 Web Authentication with RadiusFiles For Groups Loading Web Pages or Files Load web url defaults Path ComponentsImage Links Upgrading Customizing Web PagesDeleting Web Pages or Files Preserving the Web Form Web Page Redirection Size For Web Pages and External Links Active Page Components Viewing CustomizationsReference Web Proxy Settings Configuring Web Proxy SettingsSetting the Wpad Curl Setting the Wpad Timeout Web Proxy Server Set proxy-ports port Delete proxy-ports portShow proxy-ports SMS2000 Troubleshooting Procedures SMS2000 Troubleshooting Multiple frames opened Snmp PollingBrowser Unable to do credit card Line Verify OCS screens off Radius Attributes in Access-Accept Packets Appendix a Radius Access-Accept Dictionary File Appendix Appendix TUT Systems, Inc 100 Technical Support Appendix B Technical Assistance and Customer SupportInternet Telephone Equipment Return and Repair Hardware Limited Warranty Appendix C SMS2000 Limited WarrantyLimitations of Warranty Exclusive Remedies Tut Systems, Inc., Customer Service Department Electrical Safety AdvisoryAssistance FCC Radio Frequency Interference Statement TUT Systems, Inc 104