Appendix B. RADIUS Server Configuration
ROX™ v2.2 User Guide 497 RuggedBackbone™ RX1500
Appendix B. RADIUS Server Configuration
This section describes the configuration procedures for two popular RADIUS servers, "FreeRADIUS"
and the Microsoft Windows "Internet Authentication Service" in order to create and manage accounts
that are able to access resources on RuggedBackbone™. There are four RADIUS attributes required
for the configuration of accounts to access services on RuggedBackbone™. The following table shows
the RADIUS attributes required by RuggedBackbone™ for accounts that are designated to use one or
more of the "login", "ppp", or "ssh" services:
RADIUS Attribute login ppp ssh
User ID required required required
Password required required required
NAS-Identifier
RuggedCom-Privilege-level
Table B.1. Required Attributes for various RADIUS services
Every account to be authenticated on behalf of the RuggedBackbone™ must have a user ID and
password. The RADIUS "NAS-Identifier" attribute may optionally be used to restrict which service an
account may access:
• login
• ppp
• ssh
Accounts that do not specify a "NAS-Identifier" attribute may access any RuggedBackbone™ service
upon authentication. Accounts may also be defined to have access to one or several services. For more
information on these services on RuggedBackbone™, please refer to RADIUS, ROXII, and Services.
You must all the following information to the vendor-specific extensions of the chosen RADIUS server:
• RuggedCom uses Vendor number 15004.
• "RuggedCom-Privilege-level" is attribute 2, of type "string".
• "RuggedCom-Privilege-level" must take one of the following three values:
• "admin"
• "operator"
• "guest"
B.1. PPP / CHAP and Windows IAS
In order for Windows IAS to authenticate PPP connections that use the CHAP authentication protocol,
IAS must be made to store passwords using what it calls "reversible encryption".
1. Ensure that CHAP authentication is enabled in the Remote Access Policy.
2. In the Active Directory settings for each PPP user, select "Store password using reversible
encryption".
To Next Page
Loading...
Need help?
General
