Setting Up A Third-Party Radius Server - AudioCodes Mediant 800 User Manual

CHAPTER 16 Services
■ Set up a RADIUS server (third-party) to communicate with the device - see
Party RADIUS Server
■ Configure the device as a RADIUS client for communication with the RADIUS server - see
Configuring RADIUS Authentication

Setting Up a Third-Party RADIUS Server

The following procedure provides an example for setting up a third- party RADIUS sever,
FreeRADIUS which can be downloaded from www.freeradius.org. Follow the instructions on this
Web site for installing and configuring the server. If you use a RADIUS server from a different
vendor, refer to its appropriate documentation.
➢
To set up a third-party RADIUS server (e.g., FreeRADIUS):
1. Define the device as an authorized client of the RADIUS server, with the following:
● Predefined shared secret (password used to secure communication between the device
and the RADIUS server)
● Vendor ID (configured on the device in
Below is an example of the clients.conf file (FreeRADIUS client configuration):
#
# clients.conf - client configuration directives
#
client 10.31.4.47 {
secret
shortname
}
2. If access levels are required, set up a Vendor-Specific Attributes (VSA) dictionary for the
RADIUS server and select an attribute ID that represents each user's access level. The
example below shows a dictionary file for FreeRADIUS that defines the attribute "ACL-Auth-
Level" with "ID=35". For the device's user access levels and their corresponding numeric
representation in RADIUS servers, see
#
# AudioCodes VSA dictionary
#
VENDOR AudioCodes 5003
ATTRIBUTE ACL-Auth-Level 35 integer AudioCodes
VALUE ACL-Auth-Level ACL-Auth-UserLevel 50
VALUE ACL-Auth-Level ACL-Auth-AdminLevel 100
VALUE ACL-Auth-Level ACL-Auth-SecurityAdminLevel 200
3. Define the list of users authorized to use the device, using one of the password authentication
methods supported by the server implementation. The example below shows a user
configuration file for FreeRADIUS using a plain-text password:
# users - local user configuration database
john Auth-Type := Local, User-Password == "qwerty"
Service-Type = Login-User,
ACL-Auth-Level = ACL-Auth-SecurityAdminLevel
sue Auth-Type := Local, User-Password == "123456"
Service-Type = Login-User,
ACL-Auth-Level = ACL-Auth-UserLevel
Configuring the RADIUS Vendor
= FutureRADIUS
= audc_device
Configuring Management User
- 221 -
Mediant 800 Gateway & E-SBC | User's Manual
Setting Up a Third-
Accounts.
ID)