Filter
Top Products
42 DOMINION KX USER MANUAL
Implementing RADIUS Remote Authentication
Microsoft Active Directory can be used as source information for RADIUS authentication by installing the
Windows server component Internet Authentication Server.
If you choose RADIUS authentication protocol, complete the RADUIS fields as follows:
− Authentication Type: Click on the drop-down arrow to select either CHAP or PAP protocol.
− Server UDP Port / Custom UDP Port: Click on the drop-down arrow to select whether you
would prefer using standard RADIUS TCP port 1812, the legacy RADIUS TCP port 1645, or type
in your own user defined port in the Custom UDP Port field.
− Remote Accounting / Custom Accounting Port: Click on the check box to send authentication
events to a RADIUS accounting server; if so, type the TCP port should be used for transmitting
events in the Custom Accounting Port.
Returning User Group Information via RADIUS
When a RADIUS authentication attempt succeeds, Dominion KX determines the permissions for a given
user based on the permissions of the user’s group.
Your remote RADIUS server can provide these user group names by returning an attribute, implemented as
a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows:
Raritan:G{GROUP_NAME}
where GROUP_NAME is a string, denoting the name of the group to which the user belongs.
RADIUS Communication Exchange Specifications
Dominion KX sends the following information to RADIUS server in an authentication query:
ATTRIBUTE DATA
USER-NAME The user name entered at the login screen.
USER-PASSWORD In PAP mode, the encrypted password entered at the login
screen.
CHAP-PASSWORD In CHAP mode, the CHAP protocol response computed from
the password and the CHAP challenge data.
NAS-IP-ADDRESS Dominion KX’s IP Address
NAS-IDENTIFIER The Dominion KX unit name as configured in “Network
Configuration” (see previous section).
NAS-PORT-TYPE The value ASYNC (0) for modem connections and
ETHERNET (15) for network connections.
NAS-PORT Always 0.
STATE If this request is in response to an ACCESS-CHALLENGE,
the state data from the ACCESS-CHALLENGE packet will
be returned.
PROXY-STATE If this request is in response to an ACCESS-CHALLENGE,
the proxy state data from the ACCESS-CHALLENGE packet
will be returned.