Version 7.2 251 Mediant 800B Gateway & E-SBC
User's Manual 15. Services
15.3.6.1 Setting Up a Third-Party RADIUS Server
The following procedure provides an example for setting up a third-party RADIUS sever,
FreeRADIUS which can be downloaded from www.freeradius.org. Follow the instructions
on this Web site for installing and configuring the server. If you use a RADIUS server from
a different vendor, refer to its appropriate documentation.
 To set up a third-party RADIUS server (e.g., FreeRADIUS):
1. Define the device as an authorized client of the RADIUS server, with the following:
• Predefined shared secret (password used to secure communication between the
device and the RADIUS server)
• Vendor ID (configured on the device in 'Configuring the RADIUS Vendor ID' on
page 249)
Below is an example of the clients.conf file (FreeRADIUS client configuration):
#
# clients.conf - client configuration directives
#
client 10.31.4.47 {
secret = FutureRADIUS
shortname = audc_device
}
2. If access levels are required, set up a Vendor-Specific Attributes (VSA) dictionary for
the RADIUS server and select an attribute ID that represents each user's access level.
The example below shows a dictionary file for FreeRADIUS that defines the attribute
"ACL-Auth-Level" with "ID=35". For the device's user access levels and their
corresponding numeric representation in RADIUS servers, see 'Configuring
Management User Accounts' on page 79.
#
# AudioCodes VSA dictionary
#
VENDOR AudioCodes 5003
ATTRIBUTE ACL-Auth-Level 35 integer AudioCodes
VALUE ACL-Auth-Level ACL-Auth-UserLevel 50
VALUE ACL-Auth-Level ACL-Auth-AdminLevel 100
VALUE ACL-Auth-Level ACL-Auth-SecurityAdminLevel 200
3. Define the list of users authorized to use the device, using one of the password
authentication methods supported by the server implementation. The example below
shows a user configuration file for FreeRADIUS using a plain-text password:
# users - local user configuration database
john Auth-Type := Local, User-Password == "qwerty"
Service-Type = Login-User,
ACL-Auth-Level = ACL-Auth-SecurityAdminLevel
sue Auth-Type := Local, User-Password == "123456"
Service-Type = Login-User,
ACL-Auth-Level = ACL-Auth-UserLevel
4. Record and retain the IP address, port number, shared secret code, vendor ID, and
VSA access level identifier (if access levels are implemented) used by the RADIUS
server.