Deployment Guide

100 | RADIUS Services Amigopod 3.7 | Deployment Guide

 No authorization—Authenticate only may be used to remove all RADIUS attributes not related to

authentication

 The RADIUS server will return an Access-Accept or Access-Reject message indicating the result of

the authentication attempt.

 Use the common name of the client certificate to match a local user account may be specified for

users authenticated via EAP-TLS on a client’s local certificate server.

 The RADIUS server will return an Access-Accept or Access-Reject message indicating the result of

the authentication attempt.

 Use attributes from Proxy RADIUS server may be used with a Proxy RADIUS external

authentication server.

 The RADIUS server passes through the Access-Accept or Access-Reject message from the proxy

server, as well as all RADIUS attributes returned by the proxy server.

 Use this option when authorization is performed entirely by the proxy RADIUS server.

 Assign a fixed user role may be used to map all users authenticated by an external authentication

server into a single RADIUS user role.

 The RADIUS server will return an Access-Reject message if the user authentication fails.

 If the authentication is successful, the user is authorized using the specified role. The RADIUS server

will return an Access-Reject message if the authorization fails.

 The RADIUS server will return an Access-Accept message that includes the corresponding attributes

from the user role if the authentication and authorization steps are both successful.

 Use PHP code to assign a user role (Advanced) may be used to control the mapping between the

user account returned by an external authentication server and the RADIUS user role.

 The RADIUS server will return an Access-Reject message if the user authentication fails.