Setting up radius authentication, Radius server user authentication settings, Chapter 6 - basic configuration guide 26 – Compatible Systems IntraPort A00-1869 User Manual


Chapter 6 - Basic Configuration Guide


Setting up RADIUS Authentication

If you are using a RADIUS server for user authentication, you must set up the IntraPort
Enterprise-8 to communicate with a RADIUS server and also set some special parameters in the
RADIUS server itself.

Setting the IntraPort Enterprise-8 for a RADIUS Server

Just a few basic settings are required for the IntraPort Enterprise-8 to communicate with a
RADIUS server:

• Primary server IP address

• Secret

• VPN password attribute number

• VPN group attribute number

CV: Use the RADIUS Configuration Dialog Box.

TB: Use the configure command and set the PrimAddress, Secret, VPNPassword and
VPNGroupInfo keywords in the RADIUS section.

RADIUS Server User Authentication Settings

In order for client authentication and accounting to be done on a RADIUS server, the RADIUS
server must be configured with four pieces of data for each user.

• User name

• Login password

• Group configuration

• Tunnel secret

The user name is kept in the User-Name attribute in the RADIUS server and the login
password is kept in the Password attribute. The group configuration is kept in attribute number 77
of the RADIUS database, and the tunnel secret is kept in attribute number 69. These two
attribute numbers must be configured in the RADIUS server’s dictionary file.

The RADIUS server will also log the real IP address of the client and the IP address assigned
to the client by the IntraPort Enterprise-8 as it begins to account for the client. To use this
feature, the two attribute numbers for these two IP address strings must also be configured in
the RADIUS server’s dictionary file and in the RADIUS section of the IntraPort’s configuration.

The following is an example for a Livingston RADIUS server dictionary file:

ATTRIBUTE    Client-Real-IP        66    string
ATTRIBUTE    Client-Assigned-IP    67    string
ATTRIBUTE    VPN-Password          69    string
ATTRIBUTE    VPN-GroupInfo         77    string

The following is a sample RADIUS user database entry from a Livingston RADIUS server:

User-Name = corpauser
Password = "radiuslogin"
VPN-Password = "abc"
VPN-GroupInfo = "CorporateA"

After making and saving these changes, you must restart the RADIUS server in order for it to
recognize the new settings.

Note: Refer to the user manual for your RADIUS server for the exact format of dictionary
and user database entries.

Note: Although MacRADIUS servers offer a GUI, the custom attribute settings will require
that you enter users in the Users text file. See the user manual for your server for more
information on exporting, editing and importing the Users text file.

In addition to the RADIUS server settings, the user name, login password and tunnel secret
must match the settings for each user in the User Properties window of the VPN Client. The
group configuration must match one of the VPN group configurations in the IntraPort
Enterprise-8’s configuration.
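
The following Python check is an added example, not part of the manual or the vendor's software. It parses a Livingston-style dictionary file and reports whether the four attributes from the dictionary example above are defined with the numbers and type shown there, and whether any number is claimed by two attribute names. The function names and the sample dictionary are constructed for illustration.

```python
import re
# Attribute numbers and types taken from the manual's Livingston dictionary example.
REQUIRED = {
    "Client-Real-IP": (66, "string"),
    "Client-Assigned-IP": (67, "string"),
    "VPN-Password": (69, "string"),
    "VPN-GroupInfo": (77, "string"),
}
ATTR_RE = re.compile(r"^ATTRIBUTE\s+(\S+)\s+(\d+)\s+(\S+)")

def parse_dictionary(text):
    """Return (name, number, type) for each ATTRIBUTE line; '#' starts a comment."""
    entries = []
    for line in text.splitlines():
        m = ATTR_RE.match(line.split("#", 1)[0].strip())
        if m:
            entries.append((m.group(1), int(m.group(2)), m.group(3).lower()))
    return entries

def check_dictionary(text):
    """Return a sorted list of problems; an empty list means the entries match."""
    entries = parse_dictionary(text)
    by_name = {name: (num, typ) for name, num, typ in entries}
    problems = []
    for name, want in REQUIRED.items():
        got = by_name.get(name)
        if got is None:
            problems.append(f"missing: {name} {want[0]} {want[1]}")
        elif got != want:
            problems.append(f"mismatch: {name} is {got[0]} {got[1]}, expected {want[0]} {want[1]}")
    # One number claimed by two names: the server cannot tell which is meant.
    owners = {}
    for name, num, _ in entries:
        owners.setdefault(num, set()).add(name)
    for num, names in sorted(owners.items()):
        if len(names) > 1:
            problems.append(f"collision: {num} used by {', '.join(sorted(names))}")
    return sorted(problems)

# Constructed sample (assumption): 69 already has a Tunnel-Password entry, 77 was never added.
SAMPLE = """\
ATTRIBUTE Client-Real-IP     66 string
ATTRIBUTE Client-Assigned-IP 67 string
ATTRIBUTE Tunnel-Password    69 string   # pre-existing entry
ATTRIBUTE VPN-Password       69 string
"""

if __name__ == "__main__":
    print("\n".join(check_dictionary(SAMPLE)))
```

Run it against the server's real dictionary file before restarting the RADIUS server; a collision on 69 or 77 means the dictionary already assigns that number to a different attribute name.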
