Raritan Computer DKX116 ユーザーズマニュアル
46
D
OMINION
KX
U
SER
G
UIDE
Returning User Group Information via RADIUS
When a RADIUS authentication attempt succeeds, the device determines the permissions for a
given user based on the permissions of the user’s group.
When a RADIUS authentication attempt succeeds, the device determines the permissions for a
given user based on the permissions of the user’s group.
Your remote RADIUS server can provide these user group names by returning an attribute,
implemented as a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows:
implemented as a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows:
Raritan:G{GROUP_NAME}
where
GROUP_NAME
is a string, denoting the name of the group to which the user belongs.
RADIUS Communication Exchange Specifications
KX101 sends the following information to RADIUS server in an authentication query:
A
TTRIBUTE
D
ATA
USER-NAME
The user name entered at the login screen.
USER-PASSWORD
In PAP mode, the encrypted password entered at the login screen.
CHAP-PASSWORD
In CHAP mode, the CHAP protocol response computed from the
password and the CHAP challenge data.
password and the CHAP challenge data.
NAS-IP-ADDRESS
Dominion KX’s IP Address
NAS-IDENTIFIER
The Dominion KX unit name as configured in “Network
Configuration” (see previous section).
Configuration” (see previous section).
NAS-PORT-TYPE
The value ASYNC (0) for modem connections and ETHERNET
(15) for network connections.
(15) for network connections.
NAS-PORT Always
0.
STATE
If this request is in response to an ACCESS-CHALLENGE, the state
data from the ACCESS-CHALLENGE packet will be returned.
data from the ACCESS-CHALLENGE packet will be returned.
PROXY-STATE
If this request is in response to an ACCESS-CHALLENGE, the
proxy state data from the ACCESS-CHALLENGE packet will be
returned.
proxy state data from the ACCESS-CHALLENGE packet will be
returned.