User guide

DOMINION KX USER GUIDE
Returning User Group Information via RADIUS
When a RADIUS authentication attempt succeeds, the device determines the permissions for a given user
based on the permissions of the user’s group.
Your remote RADIUS server can provide these user group names by returning an attribute, implemented as
a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows:
Raritan:G{GROUP_NAME}
where GROUP_NAME is a string denoting the name of the group to which the user belongs.
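The following check is an added example, not code from the Dominion KX documentation: it walks the attributes of a RADIUS Access-Accept and returns the group names carried in well-formed FILTER-ID values, which is useful when confirming that a RADIUS server returns the group the device will map to permissions. It assumes the braces in the format above are literal characters; the group name "Admin" and the packets in `build_accept` are constructed samples, and the Response Authenticator is not verified.

```python
import re
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
FILTER_ID = 11      # RADIUS attribute type (RFC 2865)
# Assumption: the braces in "Raritan:G{GROUP_NAME}" are literal characters.
GROUP_RE = re.compile(r"Raritan:G\{([^{}]+)\}")


def iter_attributes(packet: bytes):
    """Yield (type, value) for each attribute in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field in header")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("attribute length out of bounds")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len


def groups_from_accept(packet: bytes):
    """Return group names from well-formed FILTER-ID values in an Access-Accept."""
    if packet[:1] != bytes([ACCESS_ACCEPT]):
        raise ValueError("not an Access-Accept")
    groups = []
    for attr_type, value in iter_attributes(packet):
        if attr_type != FILTER_ID:
            continue  # other attributes carry no group information
        m = GROUP_RE.fullmatch(value.decode("utf-8", errors="replace"))
        if m:  # prefix, case and braces must match exactly
            groups.append(m.group(1))
    return groups


def build_accept(filter_ids):
    """Build a constructed Access-Accept (zeroed authenticator) for testing."""
    attrs = b"".join(bytes([FILTER_ID, len(v) + 2]) + v for v in filter_ids)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs
```

An empty result for a successful login means the server returned no FILTER-ID in the documented format, which is the first thing to check when a user authenticates but does not receive the expected group permissions.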
RADIUS Communication Exchange Specifications
KX101 sends the following information to the RADIUS server in an authentication query:
ATTRIBUTE         DATA
USER-NAME         The user name entered at the login screen.
USER-PASSWORD     In PAP mode, the encrypted password entered at the login screen.
CHAP-PASSWORD     In CHAP mode, the CHAP protocol response computed from the
                  password and the CHAP challenge data.
NAS-IP-ADDRESS    Dominion KX’s IP Address
NAS-IDENTIFIER    The Dominion KX unit name as configured in “Network
                  Configuration” (see previous section).
NAS-PORT-TYPE     The value ASYNC (0) for modem connections and ETHERNET (15)
                  for network connections.
NAS-PORT          Always 0.
STATE             If this request is in response to an ACCESS-CHALLENGE, the
                  state data from the ACCESS-CHALLENGE packet will be returned.
PROXY-STATE       If this request is in response to an ACCESS-CHALLENGE, the
                  proxy state data from the ACCESS-CHALLENGE packet will be
                  returned.