9.22 RADIUS Client

In the RADIUS Client method, Advanced Authentication forwards the authentication request to a third-party RADIUS server. This can be any RADIUS server. For example, you can use RADIUS Client as an authentication method when you have a token solution such as RSA or Vasco. You want to migrate users to Advanced Authentication with the flexibility that users can use the old tokens while the new users can use any of the other supported authentication methods.

You can configure the following options for the RADIUS Client method:

  • Send the repository name: Option for a repository name to be used automatically with a username. For example, company\pjones. Set to ON to enable the option.

  • NAS Identifier: An attribute that contains a string identifying the NAS originating the Access-Request. It is only used in Access-Request packets. Either NAS-IP-Address or NAS-Identifier must be present in an Access-Request packet.

  • : Specify the number of seconds till when the RADIUS client waits for the RADIUS server to reply before prompting an error Connection time out. The default value is 5 seconds.

  • Retries count: Specify the number of times, the RADIUS client tries to connect to the RADIUS server. If a connection is not established during the retry attempts, a message Failed to connect to the server is displayed. The default value is set to 3. If set to 0, the RADIUS client does not try to connect after the first unsuccessful attempt.

  • Specify servers per site: Option to configure the third-party RADIUS servers that are specific to a site. When set to ON, the sites available in the cluster are populated and you can add more than one servers to the preferred site.

    When this option is set to OFF, you can add single third-party RADIUS server details that are applicable for all sites in the cluster by specifying the following details:

    • Server: The Hostname or IP address of the third-party RADIUS server.

    • Secret: The shared secret between the RADIUS server and Advanced Authentication.

    • Port: The port to where the RADIUS authentication request is sent. The default port is 1812.