Management and Configuration Guide (Includes ACM xl) 2005-12
ProCurve Secure Access 700wl Series Management and Configuration Guide 5-29
Configuring Authentication
Step 5.
Click Save when you have finished.
Using RADIUS for Accounting
You can configure the Rights Manager to provide accounting information to a RADIUS accounting
server, as defined in RFC 2866. RADIUS accounting gathers information at the start and end of a client’s
activity session about the resources (time, packets, bytes etc) that were used during that session. An
activity session in this context is the period between when the client logs on to or roams to the Access
Controller, and when the client leaves the Access Controller, by logging off or roaming away.
You can use RADIUS accounting either in addition to or independently of using RADIUS for
authentication. When you set up RADIUS as an Authentication Service, you can specify that it also be
used for accounting. If you did not enable the accounting feature when you initially set up the RADIUS
Authentication Service, you can modify the Authentication Service to enable RADIUS accounting. You
can also create a RADIUS Authentication Service specifically to use for accounting.
» To use a RADIUS service for accounting, you must configure a RADIUS server as an Authentication
Service, and check the
Supports RADIUS Accounting (RFC-2866) on port check box and enter the
appropriate port number to which the 700wl Series system should send the accounting data.
Specifying a NAS-ID for Use with RADIUS Accounting
The RADIUS accounting server expects to receive a NAS-ID — the name of the RADIUS client (the
Access Controller) that sent the accounting information— as part of the accounting information that it
Group Identity Field The RADIUS attribute that contains Identity Profile membership information.
Reauthentication Field The name of a RADIUS attribute that contains a time specification (in
seconds) used to force periodic user reauthentication. The default attribute is
Session-Timeout.
For example, if the value retrieved from this field is 7200 seconds (2 hours) all
users will be forced to reauthenticate every 2 hours.
If the RADIUS server attribute specifies a reauthentication interval, any client
getting rights through an Access Policy that also specifies a reauthentication
interval or time of day will be required to reauthenticate at whichever interval
or time of day is encountered first.
Timeout Authentication server request timeout (in seconds). If the RADIUS server has
not completed the authentication requests within this interval, the
authentication is considered to have failed.
Enable RADIUS Accounting (RFC
2866)
Check this to enable RADIUS accounting support using this RADIUS server.
The RADIUS server must support RFC 2866. See “Using RADIUS for
Accounting” on page 5-29 for more details about the RADIUS accounting
feature.
on Port UDP port for RADIUS accounting (Default is 1813).
Supports Microsoft’s attributes
(RFC 2548)
Check this to indicate that the RADIUS server supports Microsoft vendor-
specific RADIUS attributes, including MSCHAP.
Note: You must check this if you will use this RADIUS server to authenticate
PPTP or L2TP sessions.
Table 5-15. RADIUS Authentication Service Configuration
Field/Option Description