Radius, rox, and services – RuggedCom RuggedRouter RX1100 User Manual

Page 306

Advertising
background image

34. Maintaining The Router

Revision 1.14.3

306

RX1000/RX1100™

RADIUS authentication activity is logged to the authorization log file, "auth.log". Details of each
authentication including the time of occurrence, source and result are included.

34.7.1.3. RADIUS, ROX, and Services

RADIUS provides the means to restrict access on a per-service basis. Accounts may be configured
on a RADIUS server to be allowed access only to the Webmin service, for example. RuggedRouter
supports RADIUS authentication for the following services:

LOGIN

PPP

WEBMIN

RuggedRouter provides the option of designating different servers to authenticate LOGIN, PPP or
WEMBIN services separately or in combination.

The LOGIN Service

The LOGIN service consists of the following types of access:

• Local console logins via the serial port and modem

• Remote shell logins via SSH and Telnet

• Secure file transfers using SCP and SFTP (based on SSH)

Note that the only two accounts that typically use the LOGIN service on RuggedRouter are "root"
and "rrsetup".

Authentication requests for LOGIN services will attempt to use RADIUS first. If no response is received
from any configured RADIUS server, RuggedRouter will authenticate against the local user database.

Note

RuggedRouter manages both the RADIUS "login" and "ssh" services together as "LOGIN" from
the Webmin interface. Please refer to

RADIUS Server Configuration

for details on configuring

accounts for these services at the RADIUS server.

The PPP Service

The PPP service represents incoming PPP connections via modem. Authentication requests to the
PPP service use RADIUS only. In the event that no response is received from any configured RADIUS
server, RuggedRouter will not complete the authentication request.

The WEBMIN Service

The WEBMIN service represents access to the Webmin user interface. Webmin accesses are
authenticated first against the local user database. If the user does not exist locally, (the root account,
for example, is always defined locally) then Webmin will attempt to authenticate the user via RADIUS.

Advertising
Popular Brands
Popular manuals