RADIUS Interface

The CommuniGate Pro Server supports RADIUS authentication for various NAS (Network Access Servers).

The RADIUS module acts as a RADIUS server. It receives authentication requests from RADIUS clients (NAS), verifies the supplied credentials, and accepts or rejects these requests.

By default the CommuniGate Pro RADIUS server is not activated.

Configuring the RADIUS Module

To configure the RADIUS module, use the WebAdmin Interface. Open the Obscure page in the Settings section and find the RADIUS panel:

RADIUS
Log: listener
Password:
Channels:

Log
Use this setting to specify what kind of information the RADIUS module should put in the Server Log. Usually you should use the Major or Problems (non-fatal errors) levels. But when you experience problems with the RADIUS module, you may want to set the Log Level setting to Low-Level or All Info: in this case protocol-level or link-level details will be recorded in the System Log as well.

The RADIUS module Log records are marked with the RADIUS tag. Please note that RADIUS is a binary protocol, so all low-level data is presented in the hexadecimal form.

listener
Use this link to open the UDP Listener page and specify the port number and local network address for the RADIUS server authentication service, and access restrictions for that port. When the port number is set to 0, the RADIUS server is disabled.
By default RADIUS clients send requests to the UDP port 1812.
If your server computer is already running some RADIUS server, you may want to specify a non-standard port number here and reconfigure your RADIUS client software to use that port number.

Channels
Use this setting to specify the number of RADIUS module processors (threads) used to process RADIUS requests. If you set this setting to 0, all requests will be processed directly with the RADIUS Listener thread(s).

Password
Use this setting to specify the RADIUS "shared secret". All RADIUS clients should use the same "shared secret" in order to access the RADIUS server.


RADIUS Authentication

The RADIUS module accepts properly formatted "Access-Request" requests from RADIUS clients, retrieves the User-Name and User-Password attributes, and tries to find the specified CommuniGate Pro Account and verify its password. If the password can be verified and the Account and its Domain both have the RADIUS Service enabled, a positive response is sent to the RADIUS client; otherwise a negative response with the error code text is sent.

Note: clients authenticating via RADIUS do not use any network address on the Server, and Secondary Domain users should specify their full account name (account@domain), or should specify a name that is routed to their account using the Router. Because the Router is used to process the User-Name attribute, account aliases can be used for authentication, too. See the Access section of the manual for more details.
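
The Python sketch below is an added example, not CommuniGate Pro code: it shows how a RADIUS server recovers the User-Name and User-Password attributes from an Access-Request using the shared secret, following the User-Password hiding scheme of RFC 2865. The function names, account name, password and secret are constructed for illustration.

```python
import hashlib
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # RFC 2865 packet code / attribute types

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same chain, keyed by the received ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block, mask = hidden[i:i + 16], hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(ident, authenticator, user, password, secret) -> bytes:
    """Constructed sample packet: header, Request Authenticator, two attributes."""
    hidden = hide_password(password, secret, authenticator)
    pairs = ((USER_NAME, user), (USER_PASSWORD, hidden))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet: bytes, secret: bytes):
    """Return (user_name, password_bytes) or raise ValueError on a malformed request."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    hidden = attrs.get(USER_PASSWORD, b"")
    if USER_NAME not in attrs or len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("missing User-Name or malformed User-Password")
    user = attrs[USER_NAME].decode("utf-8", "replace")
    return user, recover_password(hidden, secret, authenticator)
```

A request hidden with a different secret still parses, but the recovered password is garbage and fails verification against the Account.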


CommuniGate® Pro Guide. Copyright © 1998-2003, Stalker Software, Inc.