RADIUS Authentication |
Starting in 3.0, ProVision supports 6connect vendor-specific attributes (VSAs) for use with RADIUS authentication. To use these attributes, you must perform the following three procedures:
To use the 6connect VSA, the attributes must be defined on the RADIUS server. Add the following RADIUS dictionary file to your RADIUS server and name it dictionary.6connect:
Important Note: Between version 3.9.3 and 4.0, the permissions structure for ProVision was signifigantly changed. Make sure you following the version specific instructions below.
ProVision 3.9.3 and prior: http://cloud.6connect.com/Download/Radius/3.9.3/6connect_VSA.txt
ProVision 4.0 and greater: http://cloud.6connect.com/Download/Radius/4.0/6connect_VSA.txt
Make sure to add the following to the primary dictionary file: $INCLUDE dictionary.6connect
On the Radius server, configure the user accounts that will have access to the ProVision system.
An example of a ProVision account configuration for the user file on a Freeradius system for version 3.9.3 and prior: http://cloud.6connect.com/Download/Radius/3.9.3/Freeradius-users-example.txt
An example of a ProVision account configuration for the user file on a Freeradius system for version 4.0 and greater: http://cloud.6connect.com/Download/Radius/4.0/Freeradius-users-example.txt
For 3.9.3 and prior, test and response should look like the following:
#﹥radtest test test 50.23.215.162 6connect
Sending Access-Request of id 179 to 50.23.215.162 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 10.124.47.6
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 50.23.215.162 port 1812, id=179, length=68
priv_admin = 1
priv_ipam_c = 1
priv_ipam_m = 1
priv_ipam_d = 1
For 4.0 and higher, test and response should look like the following:
﹤insert example﹥
To configure the use of Radius authentication with ProVision, follow the steps below.