Version 7.2 251 Mediant 800B Gateway & E-SBC
User's Manual 15. Services
15.3.6.1 Setting Up a Third-Party RADIUS Server
The following procedure provides an example for setting up a third-party RADIUS sever,
FreeRADIUS which can be downloaded from www.freeradius.org. Follow the instructions
on this Web site for installing and configuring the server. If you use a RADIUS server from
a different vendor, refer to its appropriate documentation.
 To set up a third-party RADIUS server (e.g., FreeRADIUS):
1. Define the device as an authorized client of the RADIUS server, with the following:
• Predefined shared secret (password used to secure communication between the
device and the RADIUS server)
• Vendor ID (configured on the device in 'Configuring the RADIUS Vendor ID' on
page 249)
Below is an example of the clients.conf file (FreeRADIUS client configuration):
#
# clients.conf - client configuration directives
#
client 10.31.4.47 {
secret = FutureRADIUS
shortname = audc_device
}
2. If access levels are required, set up a Vendor-Specific Attributes (VSA) dictionary for
the RADIUS server and select an attribute ID that represents each user's access level.
The example below shows a dictionary file for FreeRADIUS that defines the attribute
"ACL-Auth-Level" with "ID=35". For the device's user access levels and their
corresponding numeric representation in RADIUS servers, see 'Configuring
Management User Accounts' on page 79.
#
# AudioCodes VSA dictionary
#
VENDOR AudioCodes 5003
ATTRIBUTE ACL-Auth-Level 35 integer AudioCodes
VALUE ACL-Auth-Level ACL-Auth-UserLevel 50
VALUE ACL-Auth-Level ACL-Auth-AdminLevel 100
VALUE ACL-Auth-Level ACL-Auth-SecurityAdminLevel 200
3. Define the list of users authorized to use the device, using one of the password
authentication methods supported by the server implementation. The example below
shows a user configuration file for FreeRADIUS using a plain-text password:
# users - local user configuration database
john Auth-Type := Local, User-Password == "qwerty"
Service-Type = Login-User,
ACL-Auth-Level = ACL-Auth-SecurityAdminLevel
sue Auth-Type := Local, User-Password == "123456"
Service-Type = Login-User,
ACL-Auth-Level = ACL-Auth-UserLevel
4. Record and retain the IP address, port number, shared secret code, vendor ID, and
VSA access level identifier (if access levels are implemented) used by the RADIUS
server.
To Next Page
Loading...
Need help?
General
