More services, page 514
12.10 Extensions to the RADIUS server
BAT54-Rail/F.. Release 7.54 06/08
The LCOS RADIUS server stores the connected RADIUS servers together with their
associated realms in a forwarding table. When a request arrives, the realm is
taken from the communicated user name and looked up in this table. If the
realm to be looked up has no entry, the request is answered with an
Access-Reject. An empty realm is treated as a local request, i.e. the LCOS
RADIUS server searches its own user tables and generates its response from them.
To support the processing of realms, the LCOS RADIUS server uses two special
realms:
- Default realm: used when a realm is communicated for which no specific
  forwarding server has been defined. Note that the forwarding table must
  contain an entry for the default realm itself.
- Empty realm: used when no realm is communicated, i.e. the user name alone.
In the default state the forwarding table has no entries and the default and
empty realms are unset. All requests are therefore treated as local requests,
and any realm that is communicated is ignored. To operate the LCOS RADIUS
server purely as a forwarding server (RADIUS proxy), the default and empty
realms must both be set to a realm that has a server defined in the forwarding
table.
Please note that forwarding a RADIUS request does not alter the user name: no
realm is added, changed or removed. The next server may not be the last one in
the forwarding chain, and it may need the realm information to forward the
request correctly. Only the RADIUS server that finally processes the request
resolves the realm from the user name, and only then does it search its table
of user accounts. Accordingly, the LCOS RADIUS server resolves the realm from
the user name only when it processes a request locally.
Tunneled EAP requests (TTLS and PEAP) are processed with the help of a special
EAP tunnel server, which is likewise configured in the form of a realm. Choose
a realm name here that does not conflict with any other realm. If no EAP tunnel
server is defined, the LCOS RADIUS server forwards the inner request to itself,
so that both the inner (tunneled) and the outer EAP authentication are handled
by the LCOS RADIUS server itself.
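The following Python model is an added illustration, not code from the LCOS manual or from LANCOM. It reproduces the decisions described in this section: realm extraction from the user name, lookup in the forwarding table, substitution of the default and empty realms, the Access-Reject when a configured special realm has no table entry, the unchanged User-Name on a forwarded request, and the routing of the inner TTLS/PEAP request via the EAP tunnel realm. The realm names, server addresses and the '@' realm delimiter are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: realm names, server addresses and the '@' realm
# delimiter are assumptions for this example, not values from the LCOS manual.


@dataclass
class ForwardServer:
    """One entry of the forwarding table: where a realm's requests are sent."""
    host: str
    port: int = 1812


@dataclass
class RadiusRealmConfig:
    # realm name -> RADIUS server (the LCOS "forwarding table")
    forwarding: dict = field(default_factory=dict)
    # realm substituted when a realm is communicated but has no table entry
    default_realm: str = ""
    # realm substituted when no realm is communicated at all
    empty_realm: str = ""
    # realm whose server receives the inner (tunneled) TTLS/PEAP request
    eap_tunnel_realm: str = ""


@dataclass(frozen=True)
class Decision:
    action: str                 # "local", "forward" or "reject"
    user_name: str              # User-Name as it travels on: never rewritten
    realm: str                  # realm actually used for the table lookup
    server: Optional[ForwardServer] = None


def split_realm(user_name: str, delimiter: str = "@") -> tuple:
    """Split 'user@realm' into (user, realm); the realm is taken after the
    last delimiter (assumption). A bare user name has the empty realm."""
    if delimiter not in user_name:
        return user_name, ""
    user, _, realm = user_name.rpartition(delimiter)
    return user, realm


def route_request(cfg: RadiusRealmConfig, user_name: str) -> Decision:
    """Decide whether a request is handled locally, forwarded or rejected."""
    _, realm = split_realm(user_name)
    if realm == "":
        lookup = cfg.empty_realm          # no realm: use the empty realm
    elif realm in cfg.forwarding:
        lookup = realm                    # realm has its own server
    else:
        lookup = cfg.default_realm        # unknown realm: use the default realm
    if lookup == "":
        # Nothing configured for this case: treat as a local request, so the
        # own user tables are searched and any communicated realm is ignored.
        return Decision("local", user_name, realm)
    server = cfg.forwarding.get(lookup)
    if server is None:
        # A special realm is configured but has no forwarding entry: the
        # request cannot be answered from any table and is rejected.
        return Decision("reject", user_name, lookup)
    # Forwarded with the original User-Name; the next hop resolves the realm.
    return Decision("forward", user_name, lookup, server)


def route_inner_eap(cfg: RadiusRealmConfig, inner_identity: str) -> Decision:
    """Inner TTLS/PEAP request: sent to the EAP tunnel server's realm if one is
    configured, otherwise handled by this server itself."""
    if cfg.eap_tunnel_realm == "":
        return Decision("local", inner_identity, "")
    server = cfg.forwarding.get(cfg.eap_tunnel_realm)
    if server is None:
        return Decision("reject", inner_identity, cfg.eap_tunnel_realm)
    return Decision("forward", inner_identity, cfg.eap_tunnel_realm, server)


def default_config() -> RadiusRealmConfig:
    """Factory default: empty forwarding table, no special realms set."""
    return RadiusRealmConfig()


def proxy_config() -> RadiusRealmConfig:
    """Pure proxy: default and empty realm point at a server in the table."""
    table = {
        "corp.example": ForwardServer("10.0.0.10"),   # assumed address
        "upstream": ForwardServer("10.0.0.20"),       # assumed address
        "eap-tunnel": ForwardServer("10.0.0.30"),     # assumed address
    }
    return RadiusRealmConfig(table, default_realm="upstream",
                             empty_realm="upstream", eap_tunnel_realm="eap-tunnel")


def misconfigured_config() -> RadiusRealmConfig:
    """Default realm set to a name that is missing from the forwarding table."""
    cfg = proxy_config()
    cfg.default_realm = "missing"
    return cfg


if __name__ == "__main__":
    for name in ("alice@corp.example", "bob", "carol@unknown.test"):
        for label, cfg in (("default", default_config()), ("proxy", proxy_config())):
            d = route_request(cfg, name)
            print(f"{label:7} {name:20} -> {d.action:7} realm={d.realm!r}")
```

Running the block with the factory-default configuration shows every request, realm or not, handled locally; with the proxy configuration every request is forwarded, and the User-Name in each forwarded Decision is exactly what the client sent. The misconfigured variant demonstrates the caveat from the list above: a default realm that is set but absent from the forwarding table turns unknown-realm requests into rejects rather than local lookups.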