46 DOMINION KX USER GUIDE
Returning User Group Information via RADIUS
When a RADIUS authentication attempt succeeds, the device determines the permissions for a
given user based on the permissions of the user’s group.
Your remote RADIUS server can provide these user group names by returning an attribute,
implemented as a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows:
Raritan:G{GROUP_NAME}
where GROUP_NAME is a string, denoting the name of the group to which the user belongs.
RADIUS Communication Exchange Specifications
KX101 sends the following information to RADIUS server in an authentication query:
ATTRIBUTE DATA
USER-NAME The user name entered at the login screen.
USER-PASSWORD In PAP mode, the encrypted password entered at the login screen.
CHAP-PASSWORD In CHAP mode, the CHAP protocol response computed from the
password and the CHAP challenge data.
NAS-IP-ADDRESS Dominion KX’s IP Address
NAS-IDENTIFIER The Dominion KX unit name as configured in “Network
Configuration” (see previous section).
NAS-PORT-TYPE The value ASYNC (0) for modem connections and ETHERNET
(15) for network connections.
NAS-PORT Always 0.
STATE If this request is in response to an ACCESS-CHALLENGE, the state
data from the ACCESS-CHALLENGE packet will be returned.
PROXY-STATE If this request is in response to an ACCESS-CHALLENGE, the
proxy state data from the ACCESS-CHALLENGE packet will be
returned.