Scannex ip.buffer User Manual
© UK 2007-2021 Scannex Electronics Ltd. All rights reserved worldwide.
The RADIUS server MUST reply with a packet that includes a “Filter-Id” string value. This
Filter-Id string value specifies which services the user is allowed to access on the ip.buffer.
If there are multiple “Filter-Id” values that need to be returned, for the benefit of other
devices or because of the RADIUS Server configuration, then the ip.buffer details can be
prefixed with the string “
Scannex:
The Filter-Id should be built from the following string tags:
W1
– user is allowed to read all protected web pages but cannot POST changes.
W2
– user is allowed to read and write to the web pages
W3
– user is allowed to only read the status pages
W4
– user is allowed to read all protected web pages, but cannot POST changes.
However, they may use the web-based Pass Through Access tool
P1
,
P2
,
P3
,
P4
– user can access the TCP pass-through socket for channels 1, 2,
3, or 4 respectively. Any number of these tag values can be present within the
Filter-Id.
T1
,
T2
,
T3
,
T4
– user can access the TCP Server delivery socket for channels 1,
2, 3, or 4 respectively. Any number of these tag values can be present within
the Filter-Id string.
F1
,
F2
,
F3
,
F4
– user can access FTP Server delivery
for channel 1, 2, 3 or 4
respectively. Only one “F” value should be present within the Filter-Id string
For example, a returned Filter-Id string of “
W1F1P1P2P3P4T1T2T3T4
” will allow read-
only web access, access to FTP delivery channel 1, and all pass-through and TCP server
delivery channels.
As another example, the Filter-Id string “
P1P2P3P4
” will only allow access to the pass-
through sockets for all channels – but not web, FTP, nor TCP server delivery.
Web
The web-browser client is forced to use the Basic authorization method for http. The
secure MD5 Digest authorization of http is physically impossible to use with RADIUS. For
that reason you SHOULD use an https secure session when using the web (the web server
can be programmed to force https). See section 8.2.15.
When using RADIUS for web access, the web server will deliver a simple cookie to the
browser. This cookie enables the server to link the user's web session with the current
username/password combination. As a consequence the ip.buffer only has to contact the
RADIUS server once for that session (without a cookie it would have to contact the RADIUS
server for every page and resource requested by the web-browser).
After switching authentication modes for web you may need to restart your
web browser to get the new username and password in effect as it will have
cached the cookies.
35
Applies to firmware >= 2.80
36
Once connected to a passthrough channel they will still need to authenticate for that channel.
37
A RADIUS user can only access one channel's storage through the FTP server.
38
If there are multiple “F” values then only the first account is used.
Page 42
Scannex ip.buffer User Manual
© UK 2007-2021 Scannex Electronics Ltd. All rights reserved worldwide.
The RADIUS server MUST reply with a packet that includes a “Filter-Id” string value. This
Filter-Id string value specifies which services the user is allowed to access on the ip.buffer.
If there are multiple “Filter-Id” values that need to be returned, for the benefit of other
devices or because of the RADIUS Server configuration, then the ip.buffer details can be
prefixed with the string “
Scannex:
The Filter-Id should be built from the following string tags:
W1
– user is allowed to read all protected web pages but cannot POST changes.
W2
– user is allowed to read and write to the web pages
W3
– user is allowed to only read the status pages
W4
– user is allowed to read all protected web pages, but cannot POST changes.
However, they may use the web-based Pass Through Access tool
P1
,
P2
,
P3
,
P4
– user can access the TCP pass-through socket for channels 1, 2,
3, or 4 respectively. Any number of these tag values can be present within the
Filter-Id.
T1
,
T2
,
T3
,
T4
– user can access the TCP Server delivery socket for channels 1,
2, 3, or 4 respectively. Any number of these tag values can be present within
the Filter-Id string.
F1
,
F2
,
F3
,
F4
– user can access FTP Server delivery
for channel 1, 2, 3 or 4
respectively. Only one “F” value should be present within the Filter-Id string
For example, a returned Filter-Id string of “
W1F1P1P2P3P4T1T2T3T4
” will allow read-
only web access, access to FTP delivery channel 1, and all pass-through and TCP server
delivery channels.
As another example, the Filter-Id string “
P1P2P3P4
” will only allow access to the pass-
through sockets for all channels – but not web, FTP, nor TCP server delivery.
Web
The web-browser client is forced to use the Basic authorization method for http. The
secure MD5 Digest authorization of http is physically impossible to use with RADIUS. For
that reason you SHOULD use an https secure session when using the web (the web server
can be programmed to force https). See section 8.2.15.
When using RADIUS for web access, the web server will deliver a simple cookie to the
browser. This cookie enables the server to link the user's web session with the current
username/password combination. As a consequence the ip.buffer only has to contact the
RADIUS server once for that session (without a cookie it would have to contact the RADIUS
server for every page and resource requested by the web-browser).
After switching authentication modes for web you may need to restart your
web browser to get the new username and password in effect as it will have
cached the cookies.
35
Applies to firmware >= 2.80
36
Once connected to a passthrough channel they will still need to authenticate for that channel.
37
A RADIUS user can only access one channel's storage through the FTP server.
38
If there are multiple “F” values then only the first account is used.
Page 42
