Compatible Systems 10/100 ユーザーズマニュアル
Chapter 2 - Basic Configuration Guide
7
Setting up RADIUS Authentication
If you are using a RADIUS server for user authentication, you must set up the IPC to commu-
nicate with a RADIUS server and also set some special parameters in the RADIUS server
itself.
nicate with a RADIUS server and also set some special parameters in the RADIUS server
itself.
Setting the IntraPort for a RADIUS Server
Just a few basic settings are required for the IntraPort to communicate with a RADIUS server.
•
Primary server IP address
•
Secret
•
VPN password attribute number
•
VPN group attribute number
CV: Use the RADIUS Configuration Dialog Box.
TB: Use the configure command and set the PrimAddress, Secret, VPNPassword and
VPNGroupInfo keywords in the RADIUS section.
RADIUS Server User Authentication Settings
In order for client authentication and accounting to be done on a RADIUS server, the RADIUS
server must be configured with four pieces of data for each user.
server must be configured with four pieces of data for each user.
• User
name
• Login
password
• Group
configuration
• Tunnel
secret
The user name is kept in the User-Name attribute in the RADIUS server and the login pass-
word is kept in the Password attribute. The group configuration is kept in attribute number 77
of the RADIUS database, and the tunnel secret is kept in attribute number 69. These two
attribute numbers must be configured in the RADIUS server’s dictionary file.
word is kept in the Password attribute. The group configuration is kept in attribute number 77
of the RADIUS database, and the tunnel secret is kept in attribute number 69. These two
attribute numbers must be configured in the RADIUS server’s dictionary file.
The RADIUS server will also log the real IP address of the client and the IP address assigned
to the client by the IPC as it begins to account for the client. To use this feature, the two
attribute numbers for these two IP address strings must also be configured in the RADIUS
server’s dictionary file and in the RADIUS section of the IntraPort’s configuration.
to the client by the IPC as it begins to account for the client. To use this feature, the two
attribute numbers for these two IP address strings must also be configured in the RADIUS
server’s dictionary file and in the RADIUS section of the IntraPort’s configuration.
The following is an example for a Livingston RADIUS server dictionary file:
ATTRIBUTEClient-Real-IP66
string
ATTRIBUTEClient-Assigned-IP67string
ATTRIBUTEVPN-Password69
string
ATTRIBUTEVPN-GroupInfo77
string
The following is a sample RADIUS user database entry from a Livingston RADIUS server.
User-Name = corpauser
Password = “radiuslogin”
VPN-Password = “abc”
VPN-GroupInfo = “CorporateA”
After making and saving these changes, you must restart the RADIUS server in order for it to
recognize the new settings.
recognize the new settings.
v Note: Refer to the user manual for your RADIUS server for the exact format of dictionary
and user database entries.
and user database entries.
v Note: Although MacRADIUS servers offer a GUI, the custom attribute settings will require