Configure RADIUS Authentication
When RADIUS is configured, Reflection for Secure IT transfers control of authentication to the RADIUS authentication server.
To configure the Reflection for Secure IT server
Info
Make sure the server is not in FIPS mode. RADIUS uses MD5, which is not a FIPS approved algorithm.
-
From the Password pane, enable Password authentication using keyboard interactive . This is the default.
-
From the RADIUS pane, enable Use RADIUS authentication .
-
Click Add .
-
Specify your RADIUS server, the port used for RADIUS on that server, and the shared secret required for RADIUS clients to authenticate to that server.
-
Click OK .
-
Save your settings ( File > Save Settings ).
RADIUS pane
From the server console, click Configuration > Authentication > Password > RADIUS to use these settings to transfer control of authentication to a RADIUS authentication server.
| Setting | Description |
|---|---|
| Use RADIUS authentication | This option is not available if keyboard interactive authentication is disabled on the Password pane (either Password authentication is set to Deny or Password authentication using keyboard interactive is unchecked). |
| Attempt local password authentication if RADIUS fails. | Enable this setting to allow users to log in locally if RADIUS authentication fails. |
| Inherit servers | This option is available only if you are creating or editing a subconfiguration. When it is selected (the default) inherited servers are listed after any other servers you have configured. For example, if you are creating a user subconfiguration, you see globally configured servers at the end of the list. New servers added for the user subconfiguration appear above the globally configured servers. You can't delete or edit individual inherited servers. |
RADIUS Server Dialog Box
-
From the server console, click Configuration > Authentication > Password > RADIUS .
-
Select Use RADIUS authentication .
-
Click Add or Edit .
The options are:
- Server - The name or IP address of the RADIUS authentication server
- Port - The port used for RADIUS requests.
- Secret - The shared secret required to authenticate to the RADIUS server. This secret is stored as plain text in the configuration file. Protection for this file is provided via Windows Access Control Lists.
More information
- Enable keyboard-interactive authentication. (This is the default for all Reflection for Secure IT clients.)