TMS zl Management and Configuration Guide ST.1.1.100226

Firewall
User Authentication
5. Click Save.
If your RADIUS server places users in multiple groups, repeat these steps to
add more groups.
Set Up a RADIUS Server to Work with the TMS zl Module. This section
provides guidelines for setting up a RADIUS server so that it can provide
authentication for users who log in through the TMS zl Module. You should
refer to your server’s documentation for precise instructions.
You must complete the following on your RADIUS server:
- Add the TMS zl Module as a client. Set the shared secret to the same string
  that you configured on the module when you specified this RADIUS
  server.
- Create one or more policies on the RADIUS server to authenticate your
  users. Each policy must meet these criteria:
  - The policy selects requests sent from the TMS zl Module.
    Table 4-7 shows the attributes that the module includes with users’
    authentication requests. You can use these attributes to ensure that
    the request is matched to the proper policy. For example, you could
    create policies that select requests from users who are in a particular
    group.
    Whichever attributes you use, it is best practice to also specify that
    Service-Type = NAS-Prompt-User. This allows you to distinguish a
    policy that authenticates users logging in through the TMS zl Module
    from a policy that authenticates remote L2TP users.

    Table 4-9. RADIUS Attributes Sent in a User RADIUS Request

    Attribute            Value
    Username             User’s username
    Password             User’s password
    Calling-Station-ID   User’s actual IP address
    NAS-Identifier       NAS Identifier configured for the module when you
                         specified the RADIUS server
    NAS-IP-Address       Module IP address on the TMS VLAN that connects
                         to the RADIUS server
    Service-Type         NAS-Prompt-User

  - The policy grants authenticated users access.
  - The policy defines the RADIUS attributes shown in Table 4-10 for the
    connection. It can also define other attributes.
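
The following Python sketch is an added example, not part of the original guide or of any HP or RADIUS server product. It shows why the shared secret must be the same string on both sides (the Password attribute is hidden with it, per RFC 2865 section 5.2) and how a policy can select module logins by Service-Type and NAS-Identifier. The function names, the policy name, and all sample values are constructed for illustration.

```python
import hashlib

NAS_PROMPT_USER = 7  # Service-Type value assigned in RFC 2865

def _md5(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side (the module's role): RFC 2865 section 5.2 User-Password hiding."""
    blocks = max(1, -(-len(password) // 16))   # pad to at least one 16-byte block
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _md5(secret, prev)))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding using the server's copy of the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _md5(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def select_policy(attrs: dict, module_nas_id: str):
    """Hypothetical selector: only module logins (NAS-Prompt-User) match."""
    if attrs.get("Service-Type") != NAS_PROMPT_USER:
        return None   # left for another policy, e.g. one for remote L2TP users
    if attrs.get("NAS-Identifier") != module_nas_id:
        return None   # request did not come from the expected module
    return "tms-module-login"   # constructed policy name

def sample_request(secret: bytes, authenticator: bytes) -> dict:
    """Constructed Access-Request carrying the Table 4-9 attributes."""
    return {
        "Username": "alice",
        "Password": hide_password(b"correct horse battery", secret, authenticator),
        "Calling-Station-ID": "192.0.2.25",
        "NAS-Identifier": "tms-zl-example",
        "NAS-IP-Address": "198.51.100.1",
        "Service-Type": NAS_PROMPT_USER,
    }
```

If the server's secret differs from the module's, reveal_password returns bytes that do not match the user's password, so every login is rejected even though the credentials are correct.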