Introducing RADIUS   1


       Introduction to RADIUS

  The Remote Authentication Dial-In User Service (RADIUS) is a client/server security protocol created by Lucent InterNetworking Systems. RADIUS is an Internet draft standard protocol. See RFCs 2138 and 2139 for more information on RADIUS.
  User profiles are stored in a central location, known as the RADIUS server. RADIUS clients (such as a PortMaster communications server) communicate with the RADIUS server to authenticate users. The server specifies back to the client what the authenticated user is authorized to do. Although the term RADIUS refers to the network protocol that the client and server use to communicate, it is often used to refer to the entire client/server system.

       Overview of RADIUS Features

  RADIUS offers the following features:
  The RADIUS for UNIX server version 2.1 is available in ready-to-run binary form for the following operating systems:

       How RADIUS Works

  RADIUS performs three primary functions. The RADIUS for UNIX server version 2.1 adds enhancements for ease of use.

       Basic RADIUS Functions

  The primary functions of RADIUS are authentication, authorization, and accounting. Figure 1-1 shows the authentication and authorization process.

       Ease-of-Use Enhancements

  RADIUS 2.1 for UNIX provides the following enhancements to improve RADIUS functionality:

       Feature No Longer Supported

  The obsolete RADPASS feature is no longer available.

       RADIUS Directory Structure

  RADIUS server files are stored in the raddb (RADIUS database) directory. The raddb directory is typically placed within the /etc directory. Lucent InterNetworking Systems recommends that you use this default.
  The raddb directory contains files and subdirectories organized as shown in Figure 1-2 and explained in the list that follows. A dotted line indicates an optional file.

  Figure 1-2 RADIUS Directory Structure

  The RADIUS server uses the User Datagram Protocol (UDP) and the following UDP ports:
  If different ports are assigned to these services in the /etc/services file, RADIUS uses those ports in preference to the default ports listed above. You can also specify different UDP ports by using the radiusd -p portnumber command on UNIX hosts. Port 1812 is reserved for RADIUS authentication and port 1813 is reserved for RADIUS accounting. See Appendix C, "RADIUS Options," for more information.

  Note: PortMaster products use ports 1645, 1646, 1650, and 1651 by default; this is specified by ComOS and cannot be modified in ComOS versions prior to 3.8. If you change the port number as stated above, RADIUS might work with other network access servers (NASs) but cannot authenticate users or gather accounting data for accesses to PortMaster products unless they are running ComOS version 3.8 or later.
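
  The check below is an added example, not part of the original guide or of the RADIUS server software. It reads services-format text, finds the UDP ports assigned to RADIUS, and reports which services a PortMaster running a ComOS version earlier than 3.8 cannot reach. The service names "radius" and "radacct" and the sample file are assumptions constructed for illustration; a port given with radiusd -p is not considered.

```python
import re

# Ports the note above says PortMaster products use by default (fixed before ComOS 3.8).
PORTMASTER_PORTS = {1645, 1646, 1650, 1651}
# Assumption: names under which the RADIUS ports appear in /etc/services.
SERVICE_NAMES = ("radius", "radacct")


def udp_ports(services_text, names=SERVICE_NAMES):
    """Return {name: port} for the UDP entries in services-format text."""
    found = {}
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        match = re.fullmatch(r"(\d+)/udp", fields[1])
        if not match:
            continue  # TCP or malformed entry
        # The official name and any alias can both select an entry.
        for name in [fields[0]] + fields[2:]:
            if name in names and name not in found:
                found[name] = int(match.group(1))
    return found


def comos_allows_port_change(version):
    """True for ComOS 3.8 or later, which can use non-default ports."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:2]]
    parts += [0] * (2 - len(parts))
    return tuple(parts) >= (3, 8)


def unreachable_services(services_text, comos_version):
    """RADIUS services a PortMaster at this ComOS version cannot reach."""
    if comos_allows_port_change(comos_version):
        return []
    ports = udp_ports(services_text)
    return sorted(n for n, p in ports.items() if p not in PORTMASTER_PORTS)


# Constructed sample: a services file using the reserved ports 1812 and 1813.
SAMPLE = """\
radius       1812/tcp
radius       1812/udp             # authentication
radius-acct  1813/udp   radacct   # accounting
"""

if __name__ == "__main__":
    for ver in ("3.7", "3.8", "3.9.1"):
        print(ver, unreachable_services(SAMPLE, ver))
```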


       RADIUS Installation and Configuration

  Table 1-1 provides a quick overview of the tasks required to install and configure RADIUS.

  Table 1-1 Overview of RADIUS Installation and Configuration Tasks

  | Task | Instructions |
  |------|--------------|
  | 1. Select a host to use as the RADIUS server. | See "Getting Started" on page 2-1. |
  | 2. Install the RADIUS server software on the host. | See "Installing RADIUS on a UNIX Host" on page 2-3. |
  | 3. Configure client information on the RADIUS server. | See "Modifying the clients File" on page 3-1. |
  | 4. Configure the PortMaster as a RADIUS client. | See one of the following: "Configuring the PortMaster Using the Command Line Interface" on page 3-2; "Configuring the PortMaster Using PMVision" on page 3-4. |
  | 5. Configure user profiles. | See Chapter 4, "Configuring User Information." |
  | 6. You can optionally define menus to enable authenticated users to select different login options. | See Chapter 5, "Configuring RADIUS Menus." |
  | 8. You can optionally install and configure ActivCard. | See Chapter 6, "Installing and Configuring ActivCard." |
  | 7. You can optionally install and configure SecurID. | See Chapter 7, "Installing and Configuring SecurID." |
  | 9. You can optionally install and configure RADIUS accounting. | See Chapter 8, "Implementing RADIUS Accounting." |
  | 10. You can optionally configure RADIUS proxy service. | See Chapter 9, "Configuring RADIUS Proxy Service." |

