Returning user group information via radius, Radius communication exchange specifications – Raritan Computer DOMINION DKX432 User Manual

46

D

OMINION

KX

U

SER

G

UIDE

Returning User Group Information via RADIUS
When a RADIUS authentication attempt succeeds, the device determines the permissions for a
given user based on the permissions of the user’s group.

Your remote RADIUS server can provide these user group names by returning an attribute,
implemented as a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows:

Raritan:G{GROUP_NAME}

where

GROUP_NAME

is a string, denoting the name of the group to which the user belongs.

RADIUS Communication Exchange Specifications
KX101 sends the following information to RADIUS server in an authentication query:

A

TTRIBUTE

D

ATA

USER-NAME

The user name entered at the login screen.

USER-PASSWORD

In PAP mode, the encrypted password entered at the login screen.

CHAP-PASSWORD

In CHAP mode, the CHAP protocol response computed from the
password and the CHAP challenge data.

NAS-IP-ADDRESS

Dominion KX’s IP Address

NAS-IDENTIFIER

The Dominion KX unit name as configured in “Network
Configuration” (see previous section).

NAS-PORT-TYPE

The value ASYNC (0) for modem connections and ETHERNET
(15) for network connections.

NAS-PORT Always

0.

STATE

If this request is in response to an ACCESS-CHALLENGE, the state
data from the ACCESS-CHALLENGE packet will be returned.

PROXY-STATE

If this request is in response to an ACCESS-CHALLENGE, the
proxy state data from the ACCESS-CHALLENGE packet will be
returned.