Using SMS with RADIUS Server
TUT Systems, Inc
Page 81 of 104
P/N 220-06288-20
RADIUS Attributes Sent In Access-Request Packets
The SMS2000 sends the following attributes in Access-Request packets. The RADIUS
server may choose to ignore any or all of these. The RADIUS server may make its access
response based on any or all of these.
User-Name(1)
User-Password(2)
NAS-IP-Address(4)
NAS-Identifier(32)
NAS-Port(5)
Service-Type(6)
Framed-Protocol(7)
Tut:Mac-Address(1748:3)
NAS-Port-Type(61)
Tut:Client-IP-Address(1748:5)
Framed-IP-Address(8)
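Added example (not from the TUT manual): a Python parser that walks the attribute section of an Access-Request and names the attributes listed above, including the two Tut vendor-specific ones (vendor id 1748, types 3 and 5). It assumes the standard RFC 2865 packet and Vendor-Specific (type 26) layout; the function names, the sample values and the value encodings of the Tut attributes are assumptions, not taken from the manual.

```python
import socket
import struct

# Attribute numbers exactly as listed in the section above.
STANDARD = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
            5: "NAS-Port", 6: "Service-Type", 7: "Framed-Protocol",
            8: "Framed-IP-Address", 32: "NAS-Identifier", 61: "NAS-Port-Type"}
TUT_VENDOR, TUT = 1748, {3: "Tut:Mac-Address", 5: "Tut:Client-IP-Address"}

def attr(atype, value):
    """Encode one type/length/value attribute (length counts the 2-byte header)."""
    return bytes([atype, len(value) + 2]) + value

def tut_vsa(vtype, value):
    # Vendor-Specific (26): 4-byte vendor id, then vendor-type/vendor-length/data.
    return attr(26, struct.pack("!I", TUT_VENDOR) + attr(vtype, value))

def parse_access_request(packet):
    """Return [(name, raw_bytes)] per attribute; raise ValueError on bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    out, pos = [], 20  # attributes start after code, id, length, authenticator
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length at offset %d" % pos)
        value, pos = packet[pos + 2:pos + alen], pos + alen
        is_vsa = atype == 26 and len(value) >= 6
        if is_vsa and struct.unpack("!I", value[:4])[0] == TUT_VENDOR:
            vtype, vlen = value[4], value[5]  # first sub-attribute only
            if vlen < 2 or 4 + vlen > len(value):
                raise ValueError("bad vendor attribute length")
            out.append((TUT.get(vtype, "Tut:%d" % vtype), value[6:4 + vlen]))
        else:
            out.append((STANDARD.get(atype, "Attr-%d" % atype), value))
    return out

# Constructed sample: all values are made up. The 16 zero bytes stand in for the
# hidden User-Password field; the Tut value encodings are assumptions.
SAMPLE_ATTRS = (attr(1, b"alice") + attr(2, bytes(16))
                + attr(4, socket.inet_aton("192.0.2.1"))
                + tut_vsa(3, b"00:11:22:33:44:55")
                + tut_vsa(5, socket.inet_aton("198.51.100.7")))
SAMPLE = struct.pack("!BBH", 1, 7, 20 + len(SAMPLE_ATTRS)) + bytes(16) + SAMPLE_ATTRS

if __name__ == "__main__":
    for name, raw in parse_access_request(SAMPLE):
        print(name, raw)
```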
RADIUS Attributes Received in Access-Accept Packets
See Appendix A, “Radius Access-Accept Dictionary File” for an example of how the
SMS2000 uses the attributes defined in a dictionary file.
Using Both RADIUS and OCS Authentication
Because the OCS in some ways manages the SMS2000, there can be only one OCS
server configured on the SMS2000, and it must be for the default group. However, a
RADIUS authentication server can be added to any group, and the OCS may be on or off
for various groups.
To configure both RADIUS and the OCS on one SMS2000, enter the following
commands:
sms2000% auth off
sms2000% group add radgroup
sms2000% group *
Active group is now “*”
sms2000% auth add web http://web_ip/pp/welcome.php3 secret web_secret cmd-serv
sms2000% acct add radius radius_ip secret radius_secret
sms2000% group radgroup
Active group is now “radgroup.”
sms2000% auth add radius radius_ip secret radius_secret
sms2000% acct add radius radius_ip secret radius_secret
sms2000% set rule israd 1 rule_expression
Note: If your OCS is configured, you need not turn authentication off. Simply use
group add radgroup noinherit to prevent the new group from inheriting the OCS server
configuration.