Returning User Group Information Via Radius; Radius Communication Exchange Specifications - Raritan Dominion KX II Server KX2-432 User Manual

88

Returning User Group Information via RADIUS

When a RADIUS authentication attempt succeeds, the Dominion KX II device determines the
permissions for a given user based on the permissions of the user's group.
Your remote RADIUS server can provide these user group names by returning an attribute,
implemented as a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows:
Raritan:G{GROUP_NAME}
where is a string, denoting the name of the group to which the user belongs.
GROUP_NAME

RADIUS Communication Exchange Specifications

The Dominion KX II unit sends the following RADIUS attributes to your RADIUS server:
A
TTRIBUTE
Access-Request (1)
NAS-Port-Type (61)
NAS-IP-Address (4)
User-Name (1)
Acct-Session-ID (44)
User-Password(2):
Accounting-Request(4)
Acct-Status (40)
NAS-Port-Type (61)
NAS-Port (5)
NAS-IP-Address (4)
User-Name (1)
Acct-Session-ID (44)
Accounting-Request(4)
Acct-Status (40)
NAS-Port-Type (61)
NAS-Port (5)
NAS-IP-Address (4)
User-Name (1)
Acct-Session-ID (44)
L
OGIN
VIRTUAL (5) for network connections.
The IP Address for the Dominion KX II unit.
The user name entered at the login screen.
Session ID for accounting.
The encrypted password.
Start(1) – Starts the accounting.
VIRTUAL (5) for network connections.
Always 0.
The IP Address for the Dominion KX II unit.
The user name entered at the login screen.
Session ID for accounting.
L
OGOUT
Stop(2) – Stops the accounting
VIRTUAL (5) for network connections.
Always 0.
The IP Address for the Dominion KX II unit.
The user name entered at the login screen.
Session ID for accounting.
D KX II U
OMINION
D
ATA
G
SER UIDE