User guide
Security Administration NMS RADIUS Client Support
102
AlliedView NMS Administration Guide
4.8 NMS RADIUS Client Support
4.8.1 Overview
Starting in NMS Release 11.0 SP5, RADIUS Authentication for NMS user logins is supported. Prior to this feature, NMS
supported devices that used RADIUS/TACACS (see 4.7), but NMS user ids were not authenticated via these methods. With
this feature, an open source RADIUS client is integrated into the NMS server, using a central RADIUS server on the
customer’s network.
Note: RADIUS is specified in RFC 2865 (http://www.ietf.org/rfc/rfc2865.txt).
The NMS Security Management feature, as explained in 4.4, has pre-defined groups (Users and Admin) with default
permissions. Moreover, custom groups can be added. The Security Management and NMS RADIUS Client Support feature
need to be coordinated to ensure that these groups and permissions are usable to the RADIUS-authenticated users. This is
explained in detail in the rest of this section, especially 4.8.4.
Activation of this feature involves provisioning in two main areas:
1. At the RADIUS server, accounts are defined in the RADIUS database according to the configuration procedures of the
RADIUS platform selected (Free RADIUS, Cisco Secure ACS etc.). Accounts are given passwords and assigned to permission
groups.
2. At the NMS server, RADIUS authentication is enabled or disabled from an Authorization Configurator GUI, as explained
in 4.8.2.
Note: Provisioning at the RADIUS server is outside the control of this feature, but is required and must be provisioned correctly for
this feature to function correctly. Moreover, there are many RADIUS server distributions, and all should be compatible, but the
example inputs are for FreeRADIUS and Cisco Secure ACS.
The following figures provide an overview of the process and steps to activate RADIUS (the steps to deactivate are
essentially the reverse).