Open topic with navigation

RADIUS Authentication

This topic applies to both Software Logger and the Logger Appliance.

This authentication method enables users to authenticate against a RADIUS server. Even when RADIUS authentication is enabled, each user account must exist locally on your system. The username must match the one in the RADIUS server, although the password can be different. A user must present a valid username and (RADIUS) password to be successfully authenticated.

To configure RADIUS authentication settings:

1. Click System Admin from the top-level menu bar.
2. Click Authentication in the Users/Groups section.
3. Choose the External Authentication tab.
4. From the menu, choose RADIUS.
5. Allow Local Password Fallback provides two options:

• Allow Local Password Fallback for Default Admin Only

  Select this option to allow the default admin user to log in using only a username and password if the client certificate is not available or invalid. This privilege is restricted to the default admin user only—other users must have a valid client certificate to gain access to the system. This option is enabled by default.

• Allow Local Password Fallback for All Users

  Select this option to allow all users to log in using their local user name and password, if RADIUS authentication fails. For more information, see Local Password Fallback.

6. Update the RADIUS Server parameters as necessary:  

   Parameter	Description
   Server Hostname[:port]	Enter the host name and port of the RADIUS server.
   Backup Server hostname[:port] (optional)	(Optional) Enter the backup RADIUS server to use if the primary server does not respond. If the server returns an authentication failure (bad password, unknown username, etc), then the backup server is not tried. The backup server is tried only when the primary server has a communication failure. Use the same format as the primary server to specify the host name and port.
   Shared Authentication Secret	Enter a RADIUS passphrase.
   NAS IP Address	The IP address of the Network Access Server (NAS).
   Request Timeout	The length of time, in seconds, to wait for a response from the RADIUS server (in seconds). The default is 10.
   Retry Request	Number of times to retry a RADIUS request. The default is 1.
   RADIUS Protocol	Use the menu to choose a protocol option. The default is None.

7. Click Save.

See Also