SonicWALL Internet Security Appliances Network Router User Manual


 
Appendices Page 281
Configuring User Privileges
To configure user privileges, follow these steps:
1. With Steel Belted RADIUS Administrator open, click Users and select the User to configure. Or
select a profile to be configured from the Profile Name menu.
2. Click Ins and select SonicWALL-User-Privilege from the Available Attributes list.
3. Select the privilege to be set, and click Add. Repeat until all of the privileges are added for the
user.
Steel Belted RADIUS does support CHAP, so authentication takes place even if HTTPS is not
available when logging into the SonicWALL management interface. Select Allow PAP or CHAP when
setting user passwords.
ACE Server (RSA)
The ACE Server, version 4.1, from RSA, configures RADIUS attributes into the profiles. It does not
support pre-configuration of vendor-specific attributes on the server. It also only allows one vendor-
specific attribute to be set per profile, and only support vendor-specific attributes containing ASCII
text. User privileges are added manually using the following instructions:
1. Open the ACE Server Database Administrator program.
2. Select Edit Profiles from the menu, and select the profile to be configured with user privileges.
Click OK.
3. From the Available Attributes menu, select Vendor-Specific, and then click Add Attribute... .
4. Set the value to 8741 2 “privileges-list” where privileges list is a comma-separated list of 2-
letter privileges, as follows:
RA - Remote Access
BF - Bypass Filters
VC - Access from VPN Client
VA - Access to VPNs
LM - Limited Management
For example, to configure a profile with Access to VPN privileges and allow Access from VPN Client,
the value is set as follows:
8714 2 “VA, VC”
The ACE Server from RSA does not support CHAP with RADIUS, therefore it is necessary to configure
the SonicWALL to use HTTPS when logging into the SonicWALL management interface.