Table of Contents
Advertisement
User authentication
RADIUS user configuration
After setting up the RADIUS server, you will need to configure one or more users on the server. When
configured with RADIUS support, the TX54 device uses the RADIUS server for authentication
(password verification) and authorization (assigning the access level of the user).
Example FreeRADIUS Configuration
With FreeRADIUS, users are defined in the users file in your FreeRADIUS installation. To define users:
1. Open the FreeRadius user file in a text editor. For example:
$ sudo gedit /etc/freeradius/3.0/users
2. Add users to the file using the following format:
user1 Cleartext-Password := "user1"
Unix-FTP-Group-Names := "admin"
user2 Cleartext-Password := "user2"
Unix-FTP-Group-Names := "serial"
The value of the Unix-FTP-Group-Names attribute must correspond to authentication groups
configured on your TX54. See
groups. The groupname attribute can contain one group or multiple groups in a comma-
separated list.
3. Save and close the file.
4. Verify that your changes did not introduce any syntax errors:
sudo freeradius -CX
This should return a message that completes similar to:
...
Configuration appears to be OK
5. Restart the FreeRADIUS server:
sudo /etc/init.d/freeradius restart
RADIUS server failover and fallback to local configuration
In addition to the primary RADIUS server, you can also configure your TX54 device to use backup
RADIUS servers. Backup RADIUS servers are used for authentication requests when the primary
RADIUS server is unavailable.
Falling back to local authentication
With user authentication methods, you can configure your TX54 device to use multiple types of
authentication. For example, you can configure both RADIUS authentication and local authentication,
so that local authentication can be used as a fallback mechanism if the primary and backup RADIUS
servers are unavailable. Additionally, users who are configured locally but are not configured on the
RADIUS are still able to log into the device. Authentication methods are attempted in the order they
are listed until the first successful authentication result is returned; therefore if you want to ensure
that users are authenticated first through the RADIUS server, and only authenticated locally if the
TX54 User Guide
Remote Authentication Dial-In User Service (RADIUS)
Authentication groups
for more information about authentication
546
Advertisement
Table of Contents
