User manual

ManualsBrandsRaritan ManualsNetworkingIPR-M1

CHAPTER 4: ADMINISTRATIVE FUNCTIONS 53

- YES: RADIUS authentication is operational. At a user login attempt, IP-Reach will refer to

the RADIUS server’s user name and password database, provided there is not an exact

matching user name and password in the IP-Reach database of profiles.

• Default RADIUS Permissions: With RADIUS Authentication operational, “Default RADIUS

Permissions” defines the basic initial permissions or privileges for all RADIUS user name and

password profiles.

Note:

These initial RADIUS permissions can be changed for each individual user, by

overriding attributes returned by the RADIUS server. Please see Appendix F: The

RADIUS Server, Controlling IP-Reach User Permissions via RADIUS FILTER-ID

Attributes.

- User permissions (Net, Modem, PC Share) (Default): All RADIUS authenticated users

will have user level (non administrative) access to IP-Reach over the network via TRC Client,

via web browser, and via modem. All users will also have PC Share power, giving them

concurrent access capability. That means they can connect to IP-Reach even if another user is

already connected. Keyboard and mouse control is also granted.

- Admin permissions (Net, Modem, PC Share): All RADIUS authenticated users will have

Administrator level (with Admin powers) access to IP-Reach over the network or via modem.

All users will also have PC Share power, giving them concurrent access capability. That

means they can connect to IP-Reach even if another user is already connected. Keyboard and

mouse control is also granted

Note:

Control during concurrent access in PC Share mode will be based on first active

keyboard/mouse input, so multiple remote users attempting keyboard input or mouse

movement at exactly the same moment may experience uneven control. RADIUS users

with individual PC Share capability will only be able to connect concurrently to IP-

Reach provided the global PC Share Mode setting on the Security Configuration screen

also enables it.

- None, must use RADIUS attributes: No assumed initial permissions exist. All RADIUS

authenticated users will be denied access to IP-Reach unless they are given specific

permission to gain access. Specific permission takes the form of FILTER-ID attributes, which

are returned by the RADIUS server for each individual RADIUS user. Please see Appendix

F: The RADIUS Server, Controlling IP-Reach User Permissions via RADIUS FILTER-

ID Attributes.

• Authentication Type: Controls which password authentication protocol will be used between IP-

Reach Control on the Remote PC, IP-Reach, and the RADIUS server.

- PAP (Default): Password Authentication Protocol (PAP) will be used to encrypt and

authenticate the user’s password.

Note:

PAP is slightly less secure than CHAP, but some RADIUS servers require the PAP

protocol.

- CHAP: Challenge Authentication Protocol (CHAP) will be used to encrypt and authenticate

the user’s password.

• Server Secret: The RADIUS server and IP-Reach, as a RADIUS client, share a common secret used

to encrypt the RADIUS protocol data. Enter the secret here. The keystrokes entered for the secret can

be any combination of keystrokes up to 128 characters in length.

- Confirm Secret: Enter secret again for confirmation of keystrokes.

• Primary Server IP: Enter the IP address of the primary RADIUS server. A primary server IP is

required for the RADIUS features to function.