Managing RADIUS
22-16 Managing Access Server Security
User Access to the Access Server
The primary way to define a user’s type of access is to use the RADIUS server attribute
called “User-Service-Type”. The following table shows User-Service-Type values that
the access server supports:
Value                 Description
Login                 LAT/TELNET, depending on the Login-Service
                      attribute or DEFAULT PROTOCOL value in PORT.
Framed                PPP/SLIP, depending on the Framed-Protocol
                      attribute or DEFAULT PROTOCOL value in PORT.
Callback-Login        User is first called back, then gets login.
Callback-Framed       PPP/SLIP user is first called back.
Administrative-User   NAS prompt with automatic privilege.
NAS-Prompt            Access server’s command or menu prompt.
Callback-NAS-Prompt   Callback first, then NAS prompt.

Setting User Permissions
Permissions are explicitly given by the authorizations in the user-name entry
in the RADIUS server’s authentication entry. When any attributes that may be
appropriate are missing, an attempt is made to find a specified value in the realm
defaults. When these are still missing, the port configuration can supply its specified
values (for attributes having a corresponding representation in the port).
Permissions are from a DIGITAL vendor-specific RADIUS attribute. The following is
a list of RADIUS permissions (for each of these attributes, the default is NOxxx
or DISABLED):
DIALOUT NODIALOUT
LAT NOLAT
TELNET NOTELNET
SLIP NOSLIP
PPP NOPPP
PRIVILEGED NOPRIVILEGED (level of DECSERVER command
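
The lookup order described under Setting User Permissions (user entry, then realm defaults, then port configuration, then the NOxxx default), as an added Python example that is not from the original manual. The function names, the sample entries and the set of permissions assumed to have a port-level setting are constructed for illustration.

```python
PERMISSIONS = ("DIALOUT", "LAT", "TELNET", "SLIP", "PPP", "PRIVILEGED")

# Assumption: the page does not say which permissions have a corresponding
# port setting; this set is constructed for the example.
PORT_BACKED = {"LAT", "TELNET", "SLIP", "PPP"}


def parse(keywords):
    """Turn keywords such as ["PPP", "NOLAT"] into {"PPP": True, "LAT": False}."""
    out = {}
    for kw in (k.upper() for k in keywords):
        if kw in PERMISSIONS:
            out[kw] = True
        elif kw.startswith("NO") and kw[2:] in PERMISSIONS:
            out[kw[2:]] = False
        else:
            raise ValueError(f"unknown permission keyword: {kw}")
    return out


def resolve(user, realm, port):
    """Return {permission: (granted, source)}: user -> realm -> port -> default."""
    layers = (("user", parse(user)), ("realm", parse(realm)), ("port", parse(port)))
    result = {}
    for perm in PERMISSIONS:
        for source, values in layers:
            # The port layer only counts for permissions it can represent.
            if source == "port" and perm not in PORT_BACKED:
                continue
            if perm in values:
                result[perm] = (values[perm], source)
                break
        else:
            result[perm] = (False, "default")  # NOxxx when no layer sets it
    return result


def inherited_grants(resolved):
    """Permissions granted by a layer other than the user's own entry."""
    return sorted(p for p, (on, src) in resolved.items() if on and src != "user")


# Constructed sample entries (not taken from a real server).
USER, REALM, PORT = ["PPP", "NOTELNET"], ["TELNET", "PRIVILEGED"], ["LAT", "DIALOUT"]

if __name__ == "__main__":
    resolved = resolve(USER, REALM, PORT)
    for perm, (on, src) in resolved.items():
        print(f"{perm:<11}{'yes' if on else 'no':<4}{src}")
    print("granted outside the user entry:", inherited_grants(resolved))
```

Grants that come from the realm or port layer rather than the user's own entry, PRIVILEGED in particular, are the ones to check when reviewing who can reach the privileged command interface.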