Authentication
TUT Systems, Inc Page 52 of 104 P/N 220-06288-20
SMS2000 can substitute subscriber information for replaceable parameters in the URL.
For example, here the set authok command is shown using the secret as well as the
blockall parameters, and a URL with parameters embedded in it which are handled
during the redirect.
sms2000% set authok
http://www.myserver.com/mypath/myscript.cgi
?port=$port&host=$host&
mac=$mac&group=$group&origurl=$origurl&seq=$seq&sig=$sig secret
mysecret blockall
Note:
This can be used in conjunction with an OCS to create a free service at
slower speeds, selling higher speed services through the SMS2000.
Deleting the authok Page
To delete the URL (forcedweb page) to which a subscriber is automatically redirected
when authentication is complete or to which a subscriber connects if authentication is off,
use this command:
delete authok
For example, To delete the URL for subscriber access, type:
sms2000% delete authok
Authentication with RADIUS
Note: A RADIUS accounting server must be separately configured if RADIUS
accounting is desired.
Adding a RADIUS Server
Use the auth add radius command to configure a RADIUS server as the authentication
server for the current group. When a subscriber connects to the SMS2000, he is
automatically redirected to a login page, which requires a user name and password. This
information is sent to the configured RADIUS server. If the server approves, the
subscriber is granted access, and accounting information is automatically sent to the
RADIUS accounting server.
Beginning with the 2.3.6 release of SMS software, many RADIUS attributes and
additional features have been added.
For example:
• Add multiple RADIUS servers for fault-tolerance
• Add Alias IP addresses for clustered RADIUS Servers
• Configure retransmission, deadtime, and timeout timers