Manualshelf

User guide

ManualsBrandsDigi ManualsComputer equipmentTS 8 MEI
31323334353637383940
Configure Security Features
38 Chapter 1 Command Line Configuration Tasks
Use RADIUS to Authenticate Users
The RADIUS feature is available on all PortServer TS Family products only.
It is not supported on Digi One Family devices.
RADIUS (remote authentication dial-in user service) is a method of
maintaining a database of profiles of dial-in users. These profiles can
include login and password information, as well as other user attributes.
The device server can be configured to use RADIUS. Digi device and
terminal servers are capable of authenticating reverse Telnet users with
RADIUS. The Service-Type attribute of the RADIUS server must be
defined correctly for the Digi devices to grant access.
RADIUS requires two components: an authentication host server, and
client protocols. The device server implements the client protocol. A host
must implement the authentication server application.
When a device server is configured for RADIUS, the authentication
process is as follows:
A user logs into device server.
The device server collects login information and then checks to see if
the user is in the local database of users.
If the user is in the local database, device server handles
authentication.
If the user is not in the local database, device server submits an
authentication request to the RADIUS server.
If the user is validated, the RADIUS server passes this information to
other devices and the user is permitted access. If the user is not
validated, the RADIUS server returns an access reject message to
device server, which then denies access to the user.
The “set radius” Command
To configure device server to function as a RADIUS client, enter a
“set radius” command that specifies the following:
•run=on
The IP address of the primary RADIUS server (on the “primary” option).
The primary server is the first server to which authentication requests
are sent.
A password (on the “secret” option)
For example:
#> set radius run=on primary=199.123.15.129 secret=J9CxegpP
For more information, see "set radius" on page 181.
Using a Secondary RADIUS Server
To use a secondary RADIUS server, supply a second “set radius”
command that specifies “run=on,” the IP address of the secondary server
(on the “secondary” option) and another password for the secondary server
(on the “secret” option).