Authentication services
Using a third-party RADIUS server
Primary/Secondary RADIUS server
Server address: Specify the IP address or fully-qualified domain name of the
RADIUS server.
Secret/Confirm secret: Specify the password for the controller to use to
communicate with the RADIUS server. The shared secret is used to authenticate all
packets exchanged with the server, proving that the packets originate from a
valid/trusted source.
Authentication realms
When authentication realms are enabled for a profile, selection of the RADIUS server to
use for authentication is based on the realm name, rather than the RADIUS profile name
configured. This applies to any VSC authentication setting that uses the profile.
Realm names are extracted from user names as follows: if the username is
person1@mydomain.com then mydomain.com is the realm. The authentication
request is sent to the RADIUS profile with the realm name mydomain.com. The
username sent for authentication is still the complete person1@mydomain.com.
For added flexibility, regular expressions can be used in realm names, enabling a
single realm name to match many users. For example, if a realm name is defined with
the regular expression ^per.* then all usernames beginning with per followed by any
number of characters will match. The following usernames would all match:
per123.biz
per321.lan
per1
Important
Realm names are not case-sensitive and can be a maximum of 64 characters long.
You can define a maximum of 200 realms across all RADIUS profiles. There is no limit
to the number of realms that you can define for each RADIUS profile.
Each RADIUS profile can be associated with one or more realms. However, a realm
cannot be associated with more than one profile.
A realm overrides the authentication RADIUS server only. The server used for
accounting is not affected.
When realm configuration is changed in any way, all active user sessions are
terminated.
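
An added sketch (not the controller's code and not part of the original manual) of the realm selection rules and the limits in the Important note: it checks a realm table against the stated limits and lists every profile a username would select. The profile names, the `(name, is_regex)` table layout, and the choice to test regular expressions against the full username and literal names against the text after `@` are assumptions; the page does not say which realm wins when several match, so all matches are returned.

```python
import re

MAX_REALM_LEN = 64   # limits stated in the Important note
MAX_REALMS = 200

# Constructed sample: profile name -> [(realm name, is_regex)]
PROFILES = {
    "radius-corp": [("mydomain.com", False)],
    "radius-guest": [("^per.*", True)],
}

def validate(profiles):
    """Return violations of the realm limits and the one-profile-per-realm rule."""
    problems, owner = [], {}
    total = sum(len(realms) for realms in profiles.values())
    if total > MAX_REALMS:
        problems.append(f"{total} realms defined; the maximum is {MAX_REALMS}")
    for profile, realms in profiles.items():
        for name, _is_regex in realms:
            if len(name) > MAX_REALM_LEN:
                problems.append(f"{name!r}: longer than {MAX_REALM_LEN} characters")
            # Realm names are not case-sensitive, so compare lower-cased.
            first = owner.setdefault(name.lower(), profile)
            if first != profile:
                problems.append(f"{name!r}: assigned to both {first} and {profile}")
    return problems

def matching_profiles(username, profiles):
    """Return every profile whose realm matches; more than one is ambiguous."""
    realm = username.rpartition("@")[2].lower()   # text after the last "@"
    hits = set()
    for profile, realms in profiles.items():
        for name, is_regex in realms:
            if is_regex:   # assumption: the regex is tested on the full username
                matched = re.search(name, username, re.IGNORECASE) is not None
            else:          # assumption: a literal name must equal the realm part
                matched = name.lower() == realm
            if matched:
                hits.add(profile)
    return sorted(hits)

if __name__ == "__main__":
    print(validate(PROFILES))
    for user in ("person1@mydomain.com", "per321.lan", "bob@other.org"):
        print(user, "->", matching_profiles(user, PROFILES))
```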