Raritan DOMINION SX -, Инструкция по установке и эксплуатации

Страница: 119 / 172

A
PPENDIX
D: RADIUS S
ERVER
109
D. Register RADIUS Client
The client file installed in the RADIUS server must be modified. This flat file stores information about
RADIUS clients, including IP addresses and shared secrets; the shared secrets must be protected from
casual access. Every client trying to access the RADIUS server must be included in the list.
The following steps must be carried out for every new client trying to access the RADIUS server. As an
example, imagine Dominion SX has an IP address of
10.0.3.60 . To add this IP address to the client list,
perform these steps:
1.
Open IAS.
2. Right-click on Clients and select New Client from the drop-down menu.
3. In Friendly Name , type a descriptive name.
4. In Protocol, click on RADIUS , then click on the [ Next ] button.
5. In Client Address (IP or DNS) , type the DNS or IP address for the client. If you are using a DNS
name, click Verify . In the Resolve DNS Name dialog box, click Resolve and select the IP address you
want to associate with that name from Search Results .
6. If the client is an NAS and you are planning to use NAS-specific remote access policies for
configuration purposes (for example, a remote access policy that contains vendor-specific attributes),
click on
Client Vendor , and select the manufacturer's name. If you do not know the manufacturer’s
name, or if the name is not in the list, click on RADIUS Standard .
7. In Shared Secret , type the shared secret for the client, and then type it again in Confirm Shared
Secret .
8. If your NAS supports using digital signatures for verification (with PAP, CHAP, or MS-CHAP), click
on
Client must always send the signature attribute in the request . If the NAS does not support
digital signatures for PAP, CHAP, or MS-CHAP, do not click this option.
Notes :
→
If IAS receives an access request from a RADIUS proxy server, IAS cannot detect the manufacturer of
the NAS that originated the request. This can cause problems if you plan to use authorization conditions
based on the client vendor and have at least one client defined as a RADIUS proxy server.
→
Passwords (shared secrets) are case-sensitive. Be sure that the client's shared secret and the shared
secret you enter in this field are identical to each other and conform to the password rules.
→
If the client address cannot be resolved when you click Verify, make sure the DNS name you entered is
correct.
→
The friendly name that you provide for your RADIUS clients can be used in remote access policies to
restrict access.
E. Add a Remote Access Policy
1. Open IAS and, if necessary, double-click on Internet Authentication Service .
2. In the console tree, right-click Remote Access Policies and select New Remote Access Policy from the
drop-down menu.
3. In the Properties dialog box, type the name of the policy in the Policy Friendly Name field, and click
on the [ Next ] button.
4. Click on the [ Add ] button to specify a new condition, then:
a. In the Select Attribute dialog box, click the attribute you want, and then click on the Add button.
Please add Service-Type for Raritan.
b. Select Authenticate only and click on the [ OK ] button.
i. To change the configuration of an existing condition:
(1)
Click the condition, and then click on the [ Edit ] button.
(2) In the attribute dialog box, specify the settings you want, and then click on the [ OK ]
button.
ii. Click on the [ Next ] button. Under If a user matches the specified conditions :
(1) To grant dial-up permission to these users, select Grant remote access permission .
(2) To deny dial-up permission to these users, select Deny remote access permission .
iii. Click on the [ Next ] button. You can now make changes to the profile by selecting Edit
Profile .