Changing domain authentication settings – ADC SG-1 User Manual
Page 93
Chapter 7: Second Level Commands
7-13
Changing domain authentication settings
In a SG-1 system, virtual private tunnels (VPNs) are created upon RADIUS request. The tunneling service is always
enabled within the SG-1 (there is no configuration command for turning it on or off). The domain-authentication
configuration command is used to enable and disable authentication of the user's domain.
The domain-authentication separator command defines a list of characters that will be regarded as separators within
usernames. The SG-1 can then extract the domain name by discarding the portion of the username before the
separator. This command also enables the domain authentication process. The valid separators are !, @, #, $, %,
and -.
To define @ and # as separators and enable domain authentication, type:
domain-authentication separator @#
(then press ENTER).
To turn off the domain authentication process, type:
no domain-authentication
(then press ENTER).
• The authentication web-auth-method command defines the system authentication method to be used in WEB
authentication (when authenticating a user via WEB authentication process).
• The system default value is PAP. When configured to its default values the system does not present it in write
terminal command.
• The authentication methods are PAP or CHAP. The system should authenticate a WEB authenticated user
based on this configuration. When CHAP is configured the system should process all necessary attributes for
CHAP authentication (produce challenge, calculate the response based on the challenge and the password
and communicate with the RADIUS as defined in the RFC).
Usage:
authentication web-auth-method [<PAP | CHAP>]
Parameter(s)
<PAP | CHAP>
Set the system WEB authentication method.
PAP – Authenticate the user using PAP
CHAP – Authenticate the user using CHAP
Host(config)# domain-authentication
Host(config)# authentication web-auth-method