Table of Contents
Advertisement
Network and Security Manager Administration Guide
Configuring Authentication Server Types
398
of separators found in a username, the device strips domain name information to the
number of separators found (when reading right to left).
In the Server Type tab, select the authentication server type (RADIUS, SecureID, LDAP)
to configure specific settings for that server type:
For RADIUS, see "Configuring a RADIUS Authentication Server" on page 398.
For SecureID, see "Configuring a SecurID Authentication Server" on page 402
For LDAP, see "Configuring a RADIUS Authentication Server" on page 398
Configuring a RADIUS Authentication Server
The Remote Authentication Dial-In User Service (RADIUS) is a protocol for an
authentication server that can support up to tens of thousands of users. The security
device acts as a RADIUS client that authenticates users. When users log in, the RADIUS
client (the security device) prompts them for their user name and password, then
compares these values with the values stored in the RADIUS database. If the values
match, the RADIUS client authenticates the user and permits access to the appropriate
network services.
For a RADIUS authentication server object, configure the following:
RADIUS Port—The port number on the RADIUS server to which a security device sends
authentication requests. The default port number is 1645.
RADIUS Secret—The secret (password) shared between a security device and the
RADIUS server. The RADIUS server uses the shared secret to generate a key to encrypt
traffic between the security device and the RADIUS server. The security device uses
the shared secret to encrypt the user's password that it sends to the RADIUS server.
RADIUS Retry Timeout—The interval (in seconds) that a security device waits before
sending another authentication request to the RADIUS server if the previous request
does not elicit a response. The default is three seconds.
RADIUS Retries—The number of unanswered requests (access and accounting) that
a security device sends before it considers the RADIUS server unreachable and fails
over to a backup server. To configure, enter the number of retries (1 to 20); the default
is three.
RADIUS Compatible with RFC 2138—When selected, enables the authentication server
to comply with RFC 2138, an older RADIUS standard, with the following considerations:
For operations where RFC 2865/66 and RFC 2138 are mutually exclusive, the server
complies with RFC 2138 only.
For operations where RFC 2865/66 and RFC 2138 are both supported, the server
complies with all three RFCs.
When unselected (default), the server is compatible only with the current RADIUS
standards RFC 2865 and 2866.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers