Appendix I
Standard Attributes
RADIUS Configuration Illustration
This section provides illustrations for configuring RADIUS authentication. One
illustration is based on the Microsoft
other is based on a FreeRADIUS server.
The following steps are required for any RADIUS authentication:
1.
Configure RADIUS authentication on the PX3TS. See
(on page 365).
2.
Configure roles on the PX3TS. See
3.
Configure PX3TS user credentials and roles on your RADIUS server.
▪
To configure using standard attributes, see
page 792).
▪
To configure using vendor-specific attributes, see
Attributes
(on page 811).
Note that we assume that the NPS is running on a Windows 2008 system in the
NPS illustrations.
In This Chapter
Standard Attributes .......................................................................................... 792
Vendor-Specific Attributes ............................................................................... 811
AD-Related Configuration ................................................................................. 824
The RADIUS standard attribute "Filter-ID" is used to convey the group
membership, that is, roles.
•
If a user has multiple roles, configure multiple standard attributes for this
user.
•
The syntax of a standard attribute is:
Raritan:G{role-name}
For configuration on NPS, see
792).
For configuration on FreeRADIUS, see
Illustration
(on page 810).
NPS Standard Attribute Illustration
To configure Windows 2008 NPS with the standard attribute, you must:
a.
Add your PX3TS to NPS. See
(on page 793).
Network Policy Server (NPS), and the
®
Creating Roles
(on page 302).
Standard Attributes
NPS Standard Attribute Illustration
FreeRADIUS Standard Attribute
Step A: Add Your PX3TS as a RADIUS Client
Adding Radius Servers
(on
Vendor-Specific
(on page
792