Appendix F: The Radius Server; Controlling Telereach User Permissions Via Radius Filter-Id Attributes - Raritan TeleReach TR361 User Manual

82

APPENDIX F: The RADIUS Server

This Appendix discusses the RADIUS server and how it interacts with TeleReach to accommodate
TeleReach as a RADIUS client. For information on designating the TeleReach unit itself as a RADIUS
client see – the Radius Configuration screen (Figure 58) in [R] Radius Configuration under [C]
Configure TeleReach.
Controlling TeleReach User Permissions via RADIUS FILTER-ID
Attributes
TeleReach recognizes optional "FILTER-ID" RADIUS attributes returned by the RADIUS server. These
returned FILTER-ID attributes communicate permissions for each user, which override default
permissions set for all RADIUS users under "Default Radius Permissions" – [User permissions (Net,
Modem, PC Share) – (Default), Admin permissions (Net, Modem, PC Share), and None, must use
RADIUS attributes]. – see the Radius Configuration screen (Figure 58) and RADIUS Users Initial
TeleReach Permissions (Figure 60).
The FILTER-ID attribute tells TeleReach what permissions to grant or deny each specific RADIUS
user (or user group, since most RADIUS servers can be configured to return this optional attribute per
user or for groups of users).
The FILTER-ID attribute contains an ASCII text string. The form of the string is the text −
"TeleReach:letter(s)" − with the letter(s) being one or more of the case sensitive letters that add or
subtract permissions, as follows:
A Add administrator permissions.
a Subtract administrator permissions.
K Add keyboard and mouse control permissions.
k Subtract keyboard and mouse control permissions.
M Add modem access permissions.
m Subtract modem access permissions.
N Add network access (using TeleReach Remote Client software) permissions.
n Subtract network access (using TeleReach Remote Client software) permissions.
W Add web browser access permissions.
w Subtract web browser access permissions.
P Add PC Share permissions.
p Subtract PC Share permissions.
Example # 1:
If the "Default RADIUS permissions" option is set to "User permissions (Net,Modem,PC Share)" and
the RADIUS server returned a FILTER-ID attribute with the string "TeleReach:m", the modem access
permission would be removed from the user. The user would be left with Network (TeleReach Remote
Client Software), Web Browser, and PC Share permissions.
Example # 2:
If the "Default RADIUS permissions" option is set to "None, must use RADIUS attributes" and the
RADIUS server returned a FILTER-ID attribute with the string "TeleReach:NAP", then the user would
have network access, administrator, and PC Share permissions. The user would not have web
browser permissions.
APPENDIX F: The RADIUS Server