Table of Contents
Advertisement
User authentication
RADIUS user configuration
When configured to use RADIUS support, the Connect IT 16/48 device uses a remote RADIUS server
for user authentication (password verification) and authorization (assigning the access level of the
user). Additional RADIUS servers can be configured as backup servers for user authentication.
This section outlines how to configure a RADIUS server to be used for user authentication on your
Connect IT 16/48 device.
Example FreeRADIUS configuration
With FreeRADIUS, users are defined in the users file in your FreeRADIUS installation. To define users:
1. Open the FreeRadius user file in a text editor. For example:
$ sudo gedit /etc/freeradius/3.0/users
2. Add users to the file using the following format:
user1 Cleartext-Password := "user1"
Unix-FTP-Group-Names := "admin"
user2 Cleartext-Password := "user2"
Unix-FTP-Group-Names := "serial"
The Unix-FTP-Group-Names attribute is optional. If used, the value must correspond to
authentication groups configured on your Connect IT 16/48. Alternatively, if the user is also
configured as a local user on the Connect IT 16/48 device and the RADIUS server authenticates
the user but does not return any groups, the local configuration determines the list of groups.
See
Authentication groups
Group-Names attribute can contain one group or multiple groups in a comma-separated list.
3. Save and close the file.
4. Verify that your changes did not introduce any syntax errors:
$ sudo freeradius -CX
This should return a message that completes similar to:
...
Configuration appears to be OK
5. Restart the FreeRADIUS server:
$ sudo /etc/init.d/freeradius restart
RADIUS server failover and fallback to local configuration
In addition to the primary RADIUS server, you can also configure your Connect IT 16/48 device to use
backup RADIUS servers. Backup RADIUS servers are used for authentication requests when the
primary RADIUS server is unavailable.
Falling back to local authentication
With user authentication methods, you can configure your Connect IT 16/48 device to use multiple
types of authentication. For example, you can configure both RADIUS authentication and local
authentication, so that local authentication can be used as a fallback mechanism if the primary and
Digi Connect IT® 16/48 User Guide
Remote Authentication Dial-In User Service (RADIUS)
for more information about authentication groups. The Unix-FTP-
525
Advertisement
Table of Contents
