| HTML |
|---|
<div id="google_translate_element"></div>
<script type="text/javascript">
function googleTranslateElementInit() {
new google.translate.TranslateElement({pageLanguage: 'en'}, 'google_translate_element');
}
</script>
<script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script> |
RADIUS Authentication
ProVision supports 6connect vendor-specific attributes (VSAs) for use with RADIUS authentication.
To use these attributes, you must perform the following procedures:
| Table of Contents |
|---|
Setting Up Radius Authentication
Add the 6connect VSA to the Radius Installation
To use the 6connect VSA, the attributes must be defined on the RADIUS server. Add the following RADIUS dictionary file to your RADIUS server and name it dictionary.6connect:
...
| Note |
|---|
| Make sure to add the following to the primary dictionary file: $INCLUDE dictionary.6connect |
Configure Radius Accounts
On the Radius server, configure the user accounts that will have access to the ProVision system.
...
| Note | ||
|---|---|---|
| ||
| There are many Radius attributes, but '6connect_user_group' is the one used by 6connect ProVision. It is a comma-separated list of all the group names that the user belongs to. |
Test Radius Accounts
For ProVision 4.0 and higher, test and response should look like the following:
...
| Code Block | ||
|---|---|---|
| ||
Sending Access-Request of id 68 to 208.39.140.106 port 1812 User-Name = "bobberbro" User-Password = "hello" NAS-IP-Address = 67.221.240.229 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Reject packet from host 208.39.104.106 port 1812, id=68, length=20 |
Configure ProVision for Radius Authentication
To configure the use of Radius authentication with ProVision, follow the steps below.:
- Log into 6connect ProVision
- Go to Settings → Admin -> Authentication
- Select the "Radius" tab under "Authentication Options"
- Ensure that Radius functions are
...
- available. Radius functions are always available on 6connect cloud instances.
...
- Note: Radius functions are available on VM Images and Local Installations only if the relevant PHP Pear Radius Libraries have been installed. An error message will be visible if the PHP extension is not installed.
...
...
- Move the Radius Enable
...
- selector to the "ON" position.
- Fill in the hostname or ip address, authentication ports, accounting port, and shared Radius key as specified.
| Expand | ||
|---|---|---|
| ||
Once at least one Radius server has been added, a list will appear at the top of the Radius module. Add an additional Radius server by clicking "Add new server".
ProVision will try to connect to each radius server listed in the order listed, until a success is returned. Disabled servers will display in grey, and the currently selected server will display in bold. |
| Note | ||
|---|---|---|
| ||
In the login screen, you would select the authentication method from the dropdown. If you like, you can set the default login option in the following way: Go to the /data/globals.php and open in vi (or other editor). Add in the following text as the last line of the file (before the closing ?>) define('DEFAULT_LOGIN_TYPE', 'radius'); |
Add or Update Radius Authentication Settings (Local Install Only)
Authentication options are accessed by clicking the "Authentication" sub-tab at the top of the Admin Settings page.
- Radius Enable: Move this selector to enable RADIUS functionality.
- Radius Server Address: Set to the IP address of your radius server. If this is specified, it will force authentication over radius.
- Radius Authentication Port: Set to the port for authentication. Default port is 1812
- Radius Accounting Port: Set to the port for radius accounting. Default port is 1813
- Radius Key: Set to the shared key of your radius server
Enter or update the desired settings.
To verify the settings connect, click "Test Radius Configuration". When done, click "Save Changes".