Appendix e – radius server configuration, Freeradius, Windows internet authentication service – RuggedCom RuggedRouter RX1000 User Manual

RuggedRouter

User Guide

Appendix E – Radius Server Configuration

This section describes how to configure popular RADIUS servers to supply a Vendor-Specific field, “privilege-level”, which Webmin uses to assign specific capabilities to Webmin users on a per-user basis. Currently, the only privilege-level is that of “root”, but RuggedCom will be introducing additional levels in upcoming releases.

FreeRadius

Follow these steps to add Vendor-Specific attributes to the freeradius radius server.

1. Locate your dictionary file (usually in /usr/share/freeradius/).
2. In your dictionary directory, open the file “dictionary” and add the line “$INCLUDE dictionary.ruggedcom” to the end of it.
3. Create a file “dictionary.ruggedcom” under the dictionary directory containing:

# -*- text -*-
#
# The RuggedCom Vendor-Specific dictionary.
#
# Version: $Id: dictionary.RuggedCom,v 1.3.4.1 2005/11/30 22:17:24 aland Exp $
#
# For a complete list of Private Enterprise Codes, see:
#
# http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers
#
VENDOR RuggedCom 15004

BEGIN-VENDOR RuggedCom

ATTRIBUTE RuggedCom-Privilege-level 2 string

END-VENDOR RuggedCom

4. Users are assigned by adding lines to the file /etc/freeradius/user. Note that currently, the only privilege-level is that of “root”. For example, to assign a user “john” with a password of “test”, add the following lines:

john Auth-Type := Local, User-Password == "test"
        RuggedCom-Privilege-level = "root"

5. Restart your freeradius server.
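
To check the result of these steps in a packet capture or server debug output, the following added example (not part of the RuggedCom manual) shows how the dictionary entry maps to bytes on the wire: a Vendor-Specific attribute (type 26, RFC 2865) carrying vendor 15004 and sub-attribute 2. The function names and the sample attribute list are constructed for illustration.

```python
import struct

RUGGEDCOM_VENDOR_ID = 15004   # "VENDOR RuggedCom 15004" in the dictionary above
PRIVILEGE_LEVEL_TYPE = 2      # "ATTRIBUTE RuggedCom-Privilege-level 2 string"
VENDOR_SPECIFIC = 26          # RADIUS Vendor-Specific attribute type (RFC 2865)


def encode_privilege_level(level):
    """Build the Vendor-Specific attribute a server sends for `level`."""
    value = level.encode("utf-8")
    sub = struct.pack("!BB", PRIVILEGE_LEVEL_TYPE, 2 + len(value)) + value
    body = struct.pack("!I", RUGGEDCOM_VENDOR_ID) + sub
    if 2 + len(body) > 255:
        raise ValueError("privilege level too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def privilege_levels(attributes):
    """Return every RuggedCom-Privilege-level in a raw RADIUS attribute list."""
    found, pos = [], 0
    while pos < len(attributes):
        if pos + 2 > len(attributes):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = attributes[pos], attributes[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attributes):
            raise ValueError("bad attribute length")
        value = attributes[pos + 2:pos + attr_len]
        pos += attr_len
        if attr_type != VENDOR_SPECIFIC or len(value) < 4:
            continue  # not a VSA, or too short to hold a vendor id
        (vendor_id,) = struct.unpack("!I", value[:4])
        if vendor_id != RUGGEDCOM_VENDOR_ID:
            continue  # another vendor's attribute
        sub, spos = value[4:], 0
        while spos + 2 <= len(sub):
            sub_type, sub_len = sub[spos], sub[spos + 1]
            if sub_len < 2 or spos + sub_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if sub_type == PRIVILEGE_LEVEL_TYPE:
                found.append(sub[spos + 2:spos + sub_len].decode("utf-8"))
            spos += sub_len
    return found


# Constructed sample: Reply-Message "ok" followed by the privilege-level VSA.
SAMPLE_ATTRS = bytes([18, 4]) + b"ok" + encode_privilege_level("root")
```

An Access-Accept for a user configured as in step 4 should yield ["root"] from privilege_levels(); an empty list means the server is not sending the attribute.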

Windows Internet Authentication Service

Follow these steps to configure your IAS server.

1. Create groups for the different privilege levels. For example, if the privilege level is root, you can create a group called Radius_RuggedRouter_root. Add the users having this privilege level to this group.

2. Use the New Remote Access Policy Wizard to create a custom policy with the following settings:
Conditions:
NAS-Identifier matches with webmin
Windows-Group matches with the group the user belongs to
