Versions Compared

Old Version 3

changes.mady.by.user The Force

Saved on

compared with

New Version Current

changes.mady.by.user The Force

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from this space and version HG-8.3.0

RADIUS Authentication

ProVision supports 6connect vendor-specific attributes (VSAs) for use with RADIUS authentication.

...

Setting Up Radius Authentication

Add the

...

VSA to the Radius Installation

To use the 6connect VSA, the attributes must be defined on the RADIUS server.

Add the following RADIUS dictionary file to your RADIUS server and name it dictionary.6connect:

ProVision 4.0 and greaternewer:

Code Block
VENDOR 6connect 36009

BEGIN-VENDOR 6connect

ATTRIBUTE 6connect_user_group 10 string
#A 6connect User Group to which this user belongs.

END-VENDOR 6connect

...

Code Block
languagepowershell
titleSetting up a RADIUS account
bobber Cleartext-Password := "hello"
6connect_user_group = "Global Admins,Group 2,Group 1,Group Nonexistant"

The Radius server must be restarted every time you add, remove, or modify users. To restart the Radius server, use this command:

Code Block
/etc/init.d/radiusd restart

...

Note
titleNote on RADIUS attributes
There are many Radius attributes, but '6connect_user_group' is the one used by 6connect ProVision. It is a comma-separated list of all the group names that the user belongs to.

Test Radius Accounts

For ProVision 4.0 and highernewer, test and response should look like the following:

...

Configure ProVision for Radius Authentication

Image Added

To configure the use of Radius authentication with ProVision, follow the steps below:

  1. Log into 6connect ProVision
  2. Go to Settings → Admin -> Authentication
  3. Select the "Radius" tab under "Authentication Options"
  4. Ensure that Radius functions are available.  Radius functions are always available on 6connect cloud hosted instances.  
    1. Note: Radius functions are available on VM Images and Local Installations only if the relevant PHP Pear Radius Libraries have been installed. An error message will be visible if the PHP extension is not installed.
    Image Removed
  5. Move the Radius Enable selector to the "ON" position.
  6. Fill in the hostname or ip address, authentication ports, accounting port, and shared Radius key as specified.

...


...

Adding a Secondary Radius Server

Once at least one Radius server has been added, a list will appear at the top of the Radius module. Add an additional Radius server by clicking "Add new server".

Image Modified

ProVision will try to connect to each radius server listed in the order listed, until a success is returned. Disabled servers will display in grey, and the currently selected server will display in bold.



Note
titleSetting default login authentication options

The default login is 'Local", but the default login method displayed may be updated by performing the following steps: 

  • In the ProVision directory, navigate

In the login screen, you would select the authentication method from the dropdown. If you like, you can set the default login option in the following way:

Go
  • to the /data/globals.php
and
  • open the file in vi (or other text editor)
.
  • Add in the following text as the last line of the file (before the closing ?>)
    Code Block
    define('DEFAULT_LOGIN_TYPE', 'radius');
  • Acceptable values are "local", "radius", "ldap" and "saml". If this line is not present in globals.php, the default option is "local".

Add or Update Radius Authentication Settings (Local Install Only)

...