User`s manual

ManualsBrandsAudioCodes ManualsNetworkingMediant 1000

331

332

333

334

335

336

337

338

339

340

Mediant 1000

H.323 User's Manual 334 Document #: LTRT-83401

13.3 RADIUS Login Authentication

Users can enhance the security and capabilities of logging to the gateway’s Web and

Telnet embedded servers by using a Remote Authentication Dial-In User Service

(RADIUS) to store numerous usernames, passwords and access level attributes (Web

only), allowing multiple user management on a centralized platform. RADIUS (RFC 2865)

is a standard authentication protocol that defines a method for contacting a predefined

server and verifying a given name and password pair against a remote database, in a

secure manner.

When accessing the Web and Telnet servers, users must provide a valid username and

password. When RADIUS authentication isn’t used, the username and password are

authenticated with the Embedded Web Server’s usernames and passwords of the primary

or secondary accounts (refer to Section 5.2.1 on page 55) or with the Telnet server’s

username and password stored internally in the gateway’s memory. When RADIUS

authentication is used, the gateway doesn’t store the username and password but simply

forwards them to the pre-configured RADIUS server for authentication (acceptance or

rejection). The internal Web / Telnet passwords can be used as a fallback mechanism in

case the RADIUS server doesn’t respond (configured by the parameter

BehaviorUponRadiusTimeout). Note that when RADIUS authentication is performed, the

Web / Telnet servers are blocked until a response is received (with a timeout of 5

seconds).

RADIUS authentication requires HTTP basic authentication, meaning the username and

password are transmitted in clear text over the network. Therefore, users are

recommended to set the parameter ‘HttpsOnly = 1’ to force the use of HTTPS, since the

transport is encrypted.

13.3.1 Setting Up a RADIUS Server

The following examples refer to FreeRADIUS, a free RADIUS server that can be

downloaded from www.freeradius.org. Follow the directions on that site for information on

installing and configuring the server. If you use a RADIUS server from a different vendor,

refer to its appropriate documentation.

¾ To set up a RADIUS server, take these 5 steps:

1. Define the gateway as an authorized client of the RADIUS server, with a predefined

‘shared secret’ (a password used to secure communication) and a vendor ID. The

figure below displays an example of the file clients.conf (FreeRADIUS client

configuration).

Figure 13-11: Example of the File clients.conf (FreeRADIUS Client Configuration)

# clients.conf - client configuration directives

client 10.31.4.47 {

secret = FutureRADIUS

shortname = tp1610_master_tpm

}