HP (Hewlett-Packard) Digital NetRider Network Card User Manual


 
Managing Access Server Security
Managing RADIUS
Example: Defining Realm Default Authorization Attributes
LOCAL> CHANGE RADIUS REALM JONAS.COM PERMISSIONS (DIALBACK)
LOCAL> CHANGE RADIUS REALM JONAS.COM CALLBACK ENABLED DIALBACK NUMBER "1-800-555-1111"
Example: Defining Password Authentication Type
LOCAL> CHANGE RADIUS REALM JONAS.COM ACCESS FRAMED
Note
The value NONE should be read as unspecified. This allows the port configuration to
determine the access whenever the RADIUS server’s user entry does not specify one
or more authorization attributes.
RADIUS User Authorizations
The final value of an authorization attribute may come from one of three sources:
the RADIUS server, the realm defaults, or the port characteristics, in that order of
precedence. The following rules apply:
1. For each RADIUS realm name you define, you can set various authorization
attributes for that realm. These values serve as defaults at the realm level. This
means that when a RADIUS user tries to log in to the access server, these values
are assigned to authorization attributes if the user entry in the RADIUS
server’s users file does not assign a value for the corresponding attribute. If no
default for the attribute is defined in the realm, and the corresponding
attribute is not provided in the RADIUS server’s users file, then the access
server’s port characteristics are used if they have been previously defined.
2. One of the legal settings of the attributes in the realm is NONE. This special value
means unspecified. In this case, when a user attempts to log in, if the value is
not specified in the RADIUS server’s entry for the user name, and has the value
NONE in the realm, then the port configuration parameter supplies the
corresponding value.
The resulting value may still be unspecified, if the corresponding port
characteristic is unspecified or does not exist. Only a portion of the RADIUS
authorization attributes have a corresponding realm default or corresponding port
attribute.
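The precedence rules above, modelled as an added example (not code from the manual or the access server) that reports which source decided each attribute, so attributes that fall through to port configuration can be audited. The attribute name IDLE-TIMEOUT is hypothetical, all sample values are constructed, and treating NONE as unspecified in every source is a simplification.

```python
# Added illustration of the precedence rules above; not vendor code.
# Attribute names come from the page's examples except IDLE-TIMEOUT (hypothetical);
# all sample values below are constructed.
PRECEDENCE = ("radius-server", "realm-default", "port")

def specified(source, attr):
    """Return the source's value for attr, or None if absent or set to NONE."""
    value = source.get(attr)
    if value is None or str(value).strip().upper() == "NONE":
        return None  # NONE is read as "unspecified", so lookup falls through
    return value

def resolve(attr, server_entry, realm_defaults, port_chars):
    """Return (value, source) for one attribute: server > realm > port."""
    for name, source in zip(PRECEDENCE, (server_entry, realm_defaults, port_chars)):
        value = specified(source, attr)
        if value is not None:
            return value, name
    return None, "unspecified"  # no source supplied a value

def effective_authorization(attrs, server_entry, realm_defaults, port_chars):
    """Resolve every attribute and record which source decided it."""
    return {a: resolve(a, server_entry, realm_defaults, port_chars) for a in attrs}

def decided_by_port(effective):
    """Attributes that fell through to port configuration (worth auditing)."""
    return sorted(a for a, (_, src) in effective.items() if src == "port")

# Constructed sample data
SERVER_ENTRY = {"ACCESS": "FRAMED"}
REALM_DEFAULTS = {"ACCESS": "NONE", "PERMISSIONS": "DIALBACK", "CALLBACK": "NONE"}
PORT_CHARS = {"ACCESS": "LOCAL", "CALLBACK": "ENABLED"}
ATTRS = ["ACCESS", "PERMISSIONS", "CALLBACK", "IDLE-TIMEOUT"]

if __name__ == "__main__":
    result = effective_authorization(ATTRS, SERVER_ENTRY, REALM_DEFAULTS, PORT_CHARS)
    for attr, (value, source) in result.items():
        print(f"{attr:13} {value!s:9} from {source}")
    print("decided by port:", decided_by_port(result))
```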