Table of Contents
Advertisement
APPENDIX F: The RADIUS Server
NOTE: When the "Default RADIUS permissions" option is set to "None, must use RADIUS attributes",
RADIUS user access to TeleReach will be denied unless the FILTER-ID is used to grant the user
permissions.
RADIUS Attributes Generated by TeleReach
TeleReach sends the following RADIUS attributes to the RADIUS server with each access request:
Attribute
USER-NAME
USER-PASSWORD
CHAP-PASSWORD
NAS-IP-ADDRESS
NAS-IDENTIFIER
NAS-PORT-TYPE
NAS-PORT
STATE
PROXY-STATE
TeleReach sends the following RADIUS attributes to the RADIUS server with each accounting
request:
Attribute
SESSION-TYPE
SESSION-ID
USER-NAME
NAS-IP-ADDRESS
NAS-IDENTIFIER
NAS-PORT-TYPE
NAS-PORT
FILTER-ID
CLASS
ACCT-AUTHENTIC
Data
The user name entered at the login screen.
In PAP mode, the encrypted password entered at the login screen.
In CHAP mode, the CHAP protocol response computed from the password and the
CHAP challenge data.
TeleReach's IP Address
If the TeleReach unit's name, entered at the TeleReach Admin Console on the
Network Configuration screen, is left to the default name "TeleReach," then the
identifier will simply be "TeleReach". If another name is entered as an alternative to the
default name "TeleReach," then the identifier will be "TeleReach.<name>" where
<name> represents the alternative name entered on the Network Configuration screen.
The value ASYNC (0) for modem connections and ETHERNET (15) for network
connections.
Always 0.
If this request is in response to a ACCESS-CHALLENGE, the state data from the
ACCESS-CHALLENGE packet will be returned.
If this request is in response to a ACCESS-CHALLENGE, the proxy state data from the
ACCESS-CHALLENGE packet will be returned.
Data
Either START (1) for log in or STOP (2) for log out.
A string containing a unique session name. The name is in the format of "<NAS-
IDENIFIER>:<user IP address>:<number>" where <NAS-IDENTIFER> is the string
from the NAS-IDENTIFIER attribute, <user IP address> is the IP address of the user's
remote PC, and <number> is a unique sessions number. Example:
"TeleReach:192.168.1.100:122"
The user name entered at the login screen.
TeleReach's IP Address
If the TeleReach unit's name, entered at the TeleReach Admin Console on the
Network Configuration screen, is left to the default name "TeleReach," then the
identifier will simply be "TeleReach". If another name is entered as an alternative to the
default name "TeleReach," then the identifier will be "TeleReach.<name>" where
<name> represents the alternative name entered on the Network Configuration screen.
The value ASYNC (0) for modem connections and ETHERNET (15) for network
connections.
Always 0.
Any FILTER-ID attributes returned by the RADIUS server during authentication will be
sent in each accounting request.
Any CLASS attributes returned by the RADIUS server during authentication will be
sent in each accounting request.
How the user was authenticated. Either RADIUS (1) if the user was authenticated by
the RADIUS server or LOCAL (2) if the user was authenticated by TeleReach's built-in
user name database.
83
Advertisement
Table of Contents
