Raritan Dominion SX16, Инструкция по установке и эксплуатации, Страница: 105 / 162

A
PPENDIX
D: RADIUS S
ERVER
91
D. Register RADIUS Client
The client file installed in the RADIUS server must be modified. This flat file stores information about RADIUS
clients, including IP addresses and shared secrets; the shared secrets must be protected from casual access. Every
client trying to access the RADIUS server must be included in the list.
The following steps must be carried out for every new client trying to access the RADIUS server. As an example,
imagine Dominion SX has an IP address of
10.0.3.60 . To add this IP address to the client list, perform these steps:
1. Open IAS.
2. Right-click on Clients and select New Client from the drop-down menu.
3. In Friendly Name , type a descriptive name.
4. In Protocol, click on RADIUS , then click on the [ Next ] button.
5. In Client Address (IP or DNS) , type the DNS or IP address for the client. If you are using a DNS name, click
Verify . In the Resolve DNS Name dialog box, click Resolve and select the IP address you want to associate
with that name from Search Results .
6. If the client is an NAS and you are planning to use NAS-specific remote access policies for configuration
purposes (for example, a remote access policy that contains vendor-specific attributes), click on Client Vendor ,
and select the manufacturer's name. If you do not know the manufacturer’s name, or if the name is not in the list,
click on
RADIUS Standard .
7. In Shared Secret , type the shared secret for the client, and then type it again in Confirm Shared Secret .
8. If your NAS supports using digital signatures for verification (with PAP, CHAP, or MS-CHAP), click on Client
must always send the signature attribute in the request . If the NAS does not support digital signatures for
PAP, CHAP, or MS-CHAP, do not click this option.
Notes :
→
If IAS receives an access request from a RADIUS proxy server, IAS cannot detect the
manufacturer of the NAS that originated the request. This can cause problems if you plan to use
authorization conditions based on the client vendor and have at least one client defined as a
RADIUS proxy server.
→
Passwords (shared secrets) are case-sensitive. Be sure that the client's shared secret and the
shared secret you enter in this field are identical to each other and conform to the password rules.
→
If the client address cannot be resolved when you click Verify, make sure the DNS name you
entered is correct.
→
The friendly name that you provide for your RADIUS clients can be used in remote access
policies to restrict access.
E. Add a Remote Access Policy
1. Open IAS and, if necessary, double-click on Internet Authentication Service .
2. In the console tree, right-click Remote Access Policies and select New Remote Access Policy from the drop-
down menu.
3. In the Properties dialog box, type the name of the policy in the Policy Friendly Name field, and click on the
[ Next ] button.
4. Click on the [ Add ] button to specify a new condition, then:
a. In the Select Attribute dialog box, click the attribute you want, and then click on the Add button. Please add
Service-Type for Raritan.
b. Select Authenticate only and click on the [ OK ] button.
i. To change the configuration of an existing condition:
(1) Click the condition, and then click on the [ Edit ] button.
(2) In the attribute dialog box, specify the settings you want, and then click on the [ OK ] button.
ii. Click on the [ Next ] button. Under If a user matches the specified conditions :
(1) To grant dial-up permission to these users, select Grant remote access permission .
(2) To deny dial-up permission to these users, select Deny remote access permission .
iii. Click on the [ Next ] button. You can now make changes to the profile by selecting Edit Profile .