88
Returning User Group Information via RADIUS
When a RADIUS authentication attempt succeeds, the Dominion KX II device determines the
permissions for a given user based on the permissions of the user's group.
Your remote RADIUS server can provide these user group names by returning an attribute,
implemented as a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows:
Raritan:G{GROUP_NAME}
where
is a string, denoting the name of the group to which the user belongs.
GROUP_NAME
RADIUS Communication Exchange Specifications
The Dominion KX II unit sends the following RADIUS attributes to your RADIUS server:
A
TTRIBUTE
Access-Request (1)
NAS-Port-Type (61)
NAS-IP-Address (4)
User-Name (1)
Acct-Session-ID (44)
User-Password(2):
Accounting-Request(4)
Acct-Status (40)
NAS-Port-Type (61)
NAS-Port (5)
NAS-IP-Address (4)
User-Name (1)
Acct-Session-ID (44)
Accounting-Request(4)
Acct-Status (40)
NAS-Port-Type (61)
NAS-Port (5)
NAS-IP-Address (4)
User-Name (1)
Acct-Session-ID (44)
L
OGIN
VIRTUAL (5) for network connections.
The IP Address for the Dominion KX II unit.
The user name entered at the login screen.
Session ID for accounting.
The encrypted password.
Start(1) – Starts the accounting.
VIRTUAL (5) for network connections.
Always 0.
The IP Address for the Dominion KX II unit.
The user name entered at the login screen.
Session ID for accounting.
L
OGOUT
Stop(2) – Stops the accounting
VIRTUAL (5) for network connections.
Always 0.
The IP Address for the Dominion KX II unit.
The user name entered at the login screen.
Session ID for accounting.
D
KX II U
OMINION
D
ATA
G
SER
UIDE