Raritan Computer DKSX440 User Manual
Page 64
52
D
OMINION
KSX U
SER
M
ANUAL
•
Default RADIUS Permissions: With RADIUS Authentication operational, “Default RADIUS Permissions”
defines the basic initial permissions or privileges for all RADIUS user name and password profiles.
Note: These initial RADIUS permissions can be changed for each individual user, by overriding
attributes returned by the RADIUS server. Please see Appendix B: RADIUS Server Settings for
more information.
−
User permissions (Net, Modem, PC Share) (Default): All RADIUS authenticated users will have user
level (non administrative) access to Dominion KSX over the network and via modem. All users will also
have PC Share power, giving them concurrent access capability. That means they can connect to a
Dominion KSX KVM port even if another user is already connected. Keyboard and mouse control is also
granted.
−
Admin permissions (Net, Modem, PC Share): All RADIUS authenticated users will have Administrator
level (with Admin powers) access to Dominion KSX over the network or via modem. All users will also
have PC Share power, giving them concurrent access capability. That means they can connect to a
Dominion KSX KVM port even if another user is already connected. Keyboard and mouse control is also
granted.
Note: Control during concurrent access to a Target KVM Server in PC Share mode will be based
on first active keyboard/mouse input, so multiple remote users attempting keyboard input or
mouse movement at exactly the same moment may experience uneven control. RADIUS users with
individual PC Share capability will only be able to connect concurrently to Dominion KSX
provided the global PC Share Mode setting on the Security Configuration screen also enables it.
−
None, must use RADIUS attributes: No assumed initial permissions exist. All RADIUS authenticated
users will be denied access to Dominion KSX unless they are given specific permission to gain access.
Specific permission takes the form of FILTER-ID attributes, which are returned by the RADIUS server for
each individual RADIUS user. See Appendix C for details regarding Filter ID attributes.
•
Authentication Type: Controls which password authentication protocol will be used between Dominion KSX
Control on the Remote PC, Dominion KSX, and the RADIUS server.
−
PAP (Default): Password Authentication Protocol (PAP) will be used to encrypt and authenticate the
user’s password.
Note: PAP is slightly less secure than CHAP, but some RADIUS servers require the PAP protocol.
RADIUS Database
Of User Names &
Passwords Used
IP-Reach
Database of User
Names and
Passwords Used
RADIUS Authentication is set to NO
Or
RADIUS Authentication is set to YES, but
the user name and password entered
exactly matches a user name and password
in the
IP-Reach
database of profiles.
uses permissions
set for each user by the system
administrator on the User Account
Settings Screen (Figure 57)
RADIUS Authentication is set to YES
And
user name and password entered does not match any user
name and password in the IP-Reach database of profiles.
IP-Reach
has no predefined permissions
set for each user, since it is NOT using the
IP-Reach
database of user profiles created by the system
administrator on the User Account
Settings Screen (Figure 57)
Default RADIUS Permissions
Must be set on the RADIUS
Configuration Screen
For ALL RADIUS user names and passwords IP-Reach
uses the initial
permission assumptions as set under Default RADIUS Permissions *
–
User permissions (Net, Modem, PC Share)
–
Admin permissions (Net, Modem, PC Share)
–
None, must use RADIUS attributes
IP-Reach