Radius Attributes Sent In Access-Request Packets; Radius Attributes Received In Access-Accept Packets; Using Both Radius And Ocs Authentication - Tut Systems SMS2000 User Manual

Using SMS with RADIUS Server
RADIUS Attributes Sent In Access-
Request Packets
The SMS2000 sends the following attributes in Access-Request packets. The RADIUS
server may choose to ignore any or all of these. The RADIUS server may make its access
response based on any or all of these.
User-Name(1)
User-Password(2)
NAS-IP-Address(4)
NAS-Identifier(32)
NAS-Port(5)
Service-Type(6)
Framed-Protocol(7)
Tut:Mac-Address(1748:3)
NAS-Port-Type(61)
Tut :Client-IP-Address(1748 :5)
Framed-IP-Address(8)
RADIUS Attributes Received in Access-
Accept Packets
See Appendix A, "Radius Access-Accept Dictionary File" for an example of how the
SMS2000 uses the attributes defined in a dictionary file.
Using Both RADIUS and OCS
Authentication
Because the OCS in some ways manages the SMS2000, there can be only one OCS
server configured on the SMS2000, and it must be for the default group. However, a
RADIUS authentication server can be added to any group, and the OCS may be on or off
for various groups.
To configure both RADIUS and the OCS on one SMS2000, enter the following
commands:
sms2000% auth off
sms2000% group add radgroup
sms2000% group *
Active group is now "*"
sms2000% auth add web http://web_ip/pp/welcome.php3 secret
web_secret cmd-serv
sms2000% acct add radius radius_ip secret radius_secret
sms2000% group radgroup
Active group is now "radgroup."
sms2000% auth add radius radius_ip secret radius_secret
sms2000% acct add radius radius_ip secret radius_secret
sms2000% set rule israd 1 rule_expression
If your OCS is configured, you need not turn authentication off. Simply use group
Note:
add radgroup noinherit to prevent the new group from inheriting the OCS server
configuration.
TUT Systems, Inc Page 81 of 104 P/N 220-06288-20