1. Manuals
  2. Brands
  3. AKCP Manuals
  4. Measuring Instruments
  5. FreeRADIUS SP+
  6. User manual

AKCP FreeRADIUS SP+ User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
www.AKCP.com
SP+ Radius User Manual
Copyright © 2023, AKCP

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FreeRADIUS SP+ and is the answer not in the manual?

Questions and answers

Related Manuals for AKCP FreeRADIUS SP+

Summary of Contents for AKCP FreeRADIUS SP+

  • Page 1 SP+ Radius User Manual Copyright © 2023, AKCP...

  • Page 2: Table Of Contents

    SP+ Radius User Manual Table of Contents Introduction ......................3 Setting up Radius on the sensorProbe+ ..............4 1. Enable the Radius Server authentication ..........4 2. Set up the connection in the sensorProbe+ Web UI ........7 How it works ......................11 Authorization and Privilege Level checking ...........

  • Page 3: Introduction

    SP+ Radius User Manual Introduction What is RADIUS Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. This is a feature that we’ve added to the sensorProbe+ web interface so that the unit can be accessed securely through a Radius Server running on the Local Area Network.

  • Page 4: Setting Up Radius On The Sensorprobe

    SP+ Radius User Manual Setting up Radius on the sensorProbe+ Enable the Radius Server authentication First log in to the sensorProbe+ as an Administrator (Admin user). Then navigate to the Settings page >> Password Checking and turn it on as shown in the screen shot above.
  • Page 5 SP+ Radius User Manual Enable the Radius password checking on the sensorProbe+ by choosing the Radius Mode: ▪ Authentication: usernames and passwords will be ONLY checked with Radius server ▪ Authentication and Accounting: as above but also log the access data on the server The most important parameters for the configuration are: 1.
  • Page 6 SP+ Radius User Manual You can also specify secondary servers for redundancy (both for Authentication and Accounting), but if you only have one server just use the Primary server’s options and leave the Secondary settings at default. Scroll down the screen to enter the Secondary server options, or leave...

  • Page 7: Set Up The Connection In The Sensorprobe+ Web Ui

    SP+ Radius User Manual Set up the connection in the sensorProbe+ Web UI Specify the parameters for the Radius Primary Authentication Server. Now you need to enter the IP address of the server machine, the port and the shared secret, then click on the “Test Request”...
  • Page 8 SP+ Radius User Manual If the Radius server is running, the settings and the login details are correct, you will receive the “Successful” notification as shown in the screen shot above. If you get an error popup, check that the server settings are correctly set up in the configuration for the Authentication server, and that the user name and password is correct.
  • Page 9 SP+ Radius User Manual Press the Save button to save the settings if the test was successful. Simply repeat the same steps to connect to an Accounting server. Accounting is optional and you don’t need to specify it if you select only Authentication mode. Note: It is recommended to confirm the server settings with a test, since you won’t be able to log in again if your settings are wrong.
  • Page 10 SP+ Radius User Manual The system will then log you out of the web interface and connect to the Radius server for password checking. Now you can log into the web interface using only the Radius usernames and passwords. However, the built-in local Admin user will always be available to use. Also, the unit falls back to local authentication mode if a Radius server is unreachable.

  • Page 11: How It Works

    16-31 - User 32 and above - Admin In order for this to work, the Radius server’s configuration needs to have the AKCP-User-Role custom vendor attribute defined in the “dictionary” file. You can copy-paste the following to add this new attribute to the dictionary file:...
  • Page 12 SP+ Radius User Manual IMPORTANT: Make sure to use TAB (or double TAB) character after a newline to add the AKCP-User-Role attribute per user. Space, comma etc. will not work! testuser Cleartext-Password := "testpw" AKCP-User-Role := 16 # 16 = User level testadmin Cleartext-Password := "admin1"...

  • Page 13: Authentication

    NAS-IP-Address This Attribute indicates the identifying IP Address of the NAS which is requesting the authentication of the user. AKCP's NAS-IP-Address is the SP+ unit’s IP Address. Service-Type This Attribute indicates the type of service the user has requested, or the type of service to be provided.

  • Page 14: Accounting

    Acct-Session-Id The Acct-Session-Id is a unique Accounting ID to make it easier to match the start and stop records in a log file. AKCP's Acct-Session-Id is a string that consists of: u<user's IP>n<SP+ IP>r<Radius's IP>_<Random ID> - 14 -...
  • Page 15 SP+ Radius User Manual Acct-Authentic This attribute is included in an Accounting-Request with Acct-Status-Type set to Start to indicate how the user was authenticated. Possible value: 1 RADIUS. Acct-Terminate-Cause This attribute is included in an Accounting-Request with Acct-Status-Type set to Stop to indicate how the session was terminated.

  • Page 16: Primary, Secondary Server And The Fail-Over Algorithm

    SP+ Radius User Manual Primary, Secondary Server and the Fail-over algorithm In the sensorProbe+, users can setup Primary and Secondary Radius Servers for both Authentication and Accounting. For Access-Request, Accounting-Start and Accounting-Stop packages, the sensorProbe+ will try to send these packages to the primary server first. If the primary server has failed then the unit will try with the secondary server (if the user enables it in the configuration).

  • Page 17: Troubleshooting

    Example log from a Radius server assigning the attribute 19 for the user when logging in from the unit: (1) Sent Access-Accept Id 25 from 192.168.1.24:1812 to 192.168.1.152:60443 length 0 (1) AKCP-User-Role = 19 (1) Finished request Also try to refresh the browser web cache with CTRL-F5, if you’ve recently upgraded the firmware.
  • Page 18 SP+ Radius User Manual Please contact support@akcp.com if you have any further technical questions or problems Thanks for Choosing AKCP! - 18 -...

Table of Contents