Configuring Authentication
The information required to configure the RADIUS service for authentication is defined in Table 5-8 as
follows:
Table 5-8. RADIUS Authentication Service Configuration
Field/Option Description
Name Your name for this authentication method. You can use any alphanumeric
string as the name.
Server The Fully Qualified Domain Name (FQDN) or IP address of the server running
the LDAP service.
Port UDP Port for RADIUS (Default is 1812).
Secret The shared secret for this RADIUS server.
Confirm Secret The shared secret, entered a second time to confirm.
Group Identity Field The RADIUS attribute that contains Identity Profile membership information.
Reauthentication Field The name of a RADIUS attribute that contains a time specification (in
seconds) used to force periodic user reauthentication. The default attribute is
Session-Timeout.
For example, if the value retrieved from this field is 7200 seconds (2 hours)
all users will be forced to reauthenticate every 2 hours.
Timeout Authentication server request timeout (in seconds). If the RADIUS server has
not completed the authentication requests within this interval, the
authentication is considered to have failed.
Enable RADIUS Accounting (RFC
2866)
Check this to enable RADIUS accounting support using this RADIUS server.
The RADIUS server must support RFC 2866. See —Using RADIUS for
Accounting“ on page 5-20 for more details about the RADIUS accounting
feature.
on Port UDP port for RADIUS accounting (Default is 1813).
Supports Microsoft‘s attributes
(RFC 2548)
Check this to indicate that the RADIUS server supports Microsoft vendor-
specific RADIUS attributes, including MSCHAP.
Note: You must check this if you will use this RADIUS server to authenticate
PPTP or L2TP sessions.
Step 5. Click Save when you have finished.
Using RADIUS for Accounting
You can configure the Rights Manager to provide accounting information to a RADIUS accounting server,
as defined in RFC 2866. RADIUS accounting gathers information at the start and end of a client’s activity
session about the resources (time, packets, bytes etc) that were used during that session. An activity
session in this context is the period between when the client logs on to or roams to the Access Controller,
and when the client leaves the Access Controller, by logging off or roaming away.
You can use RADIUS accounting either in addition to or independently of using RADIUS for
authentication. When you set up RADIUS as an Authentication Service, you can specify that it also be
used for accounting. If you did not enable the accounting feature when you initially set up the RADIUS
Authentication Service, you can modify the Authentication Service to enable RADIUS accounting. You
can also create a RADIUS Authentication Service specifically to use for accounting.
5-20 HP ProCurve Secure Access 700wl Series Management and Configuration Guide
