Authorization For External Authentication Servers - Aruba Networks PowerConnect W Clearpass 100 Software Manual

Authorization for External Authentication Servers

When a RADIUS Access-Request for a particular user is handled using an external authentication
server, the user's authorization is determined by the Authorization settings for that server.
The RADIUS Authentication diagnostic can be used to demonstrate the difference between the
various authorization methods.
To use the diagnostic, navigate to RADIUS > Server Control and click the Test RADIUS
Authentication command link. Enter the username and password for a user that is externally
authenticated.
Click the Run button to perform RADIUS authentication and display the results:
•
With authorization method No authorization – Authenticate only:
Sending Access-Request of id 165 to 127.0.0.1 port 1812
User-Name = "demouser"
User-Password = "XXXXXXXX"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=165,
length=20
Note that in this case, no RADIUS attributes are returned. The Access-Accept or Access-Reject
result indicates whether the user was successfully authenticated.
•
With authorization method Assign a fixed user role:
Sending Access-Request of id 122 to 127.0.0.1 port 1812
User-Name = "demouser"
User-Password = "XXXXXXXX"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=122,
length=27
Reply-Message = "Guest"
Note that in this case, the RADIUS attribute returned (Reply-Message) corresponds to the user role
selected.
Amigopod |Technical Note External Authentication Servers |11