Specifications
Managing Access Server Security
23-14
Example: Defining Realm Default Authorization Attributes
Local> CHANGE RADIUS REALM JONAS.COM PERMISSIONS (DIALBACK)
Local> CHANGE RADIUS REALM JONAS.COM CALLBACK ENABLED DIALBACK NUMBER "1-800-555-1111"
Example: Defining Password Authentication Type
Local> CHANGE RADIUS REALM JONAS.COM ACCESS FRAMED
RADIUS Authorization
When a user attempts to log in using a realm, the user enters a string in the
following format:
user-name@realm-name
The following occurs:
Since the set of attributes that the RADIUS authentication host sends to the access
server can be incomplete, you can set default realm authorization parameters that
provide missing values to complete the authorization set. If a parameter is
missing from both the RADIUS authorization parameters and from the realm’s
default parameters, and the parameter is defined within the port configuration
information, the port supplies the value for the parameter. This resulting set of
parameters is the “authorization” information used for this session.
Stage Description
1 The access server used the realm name to determine the security method
to use when authenticating the login.
2 If the realm name is for a RADIUS server, the access server sends the login
information to a RADIUS authentication host.
3 Upon completing authentication successfully, the RADIUS authentication
host sends a list of authorization parameters to the access server after
authentication completes successfully. These parameters are the intended
settings for the user’s session.
The value NONE should be read as unspecified. This allows the port
configuration to determine the access whenever the RADIUS server’s user entry
does not specify one or more authorization attribute.
NOTE