CONFIG AUTH RADIUS

Level

user,modify

History

bport appears in Netasq 6.1.0
bhost appears in Netasq 6.1.0
level changes from other,modify to user,modify in Netasq 9.0.0
status appears in Netasq 9.1.0
pencoding and bencoding appear in 2.0.0
timeout, btimeout, retry, bretry and VSAusergroup appear in 4.3.0
maximum timeout changed from 120 to 600 seconds in 4.8.0
MsgAuthenticatorSend, MsgAuthenticatorRequired and CustomNasId appear in 5.0.0

Description

Configure RADIUS authentication.

Usage

[state=<0|1>] : disable/enable RADIUS (default is 0)
[VSAusergroup=<0|1>] : disable/enable user group VSA support (default is 1; 0 if unset)
[MsgAuthenticatorSend=<0|1>] : if enabled, send the message-authenticator attribute in client requests
[MsgAuthenticatorRequired=<0|1>] : if enabled, reject any server response that doesn't contain a message-authenticator attribute
[CustomNasId=<string>] : set a custom value for the NAS-Identifier attribute (if unset, use the default LDAP domain)
[host=<host>] : RADIUS server
[port=<service>] : Port used by the RADIUS server (default is radius)
[key=<sharedkey>] : Key used for encrypting exchanges between the firewall and the RADIUS server
[pencoding=<encoding>] : Primary RADIUS Server password encoding
[timeout=<timeout>] : Primary RADIUS timeout in ms
[retry=<retry>] : Primary RADIUS number of connection retries before aborting
[bhost=<host>] : Backup RADIUS server
[bport=<service>] : Port used by the Backup RADIUS server (default is radius)
[bkey=<sharedkey>] : Key used for encrypting exchanges between the firewall and the Backup RADIUS server
[bencoding=<encoding>] : Backup RADIUS Server password encoding
[btimeout=<timeout>] : Backup RADIUS timeout in ms
[bretry=<retry>] : Backup RADIUS number of connection retries before aborting

Returns

Error Code

Remark

Authentication with RADIUS can be used with unknown users (default method).
Default value for port is 1812.
Microsoft RADIUS server uses the ISO-8859-1 charset.
Timeouts are in milliseconds.
The total timeout must be lower than or equal to 600 seconds: (timeout * (retry + 1)) + (btimeout * (bretry + 1)) <= 600000

Example

CONFIG AUTH RADIUS host=10.2.0.100 port=1812 key="shared secret"
CONFIG AUTH RADIUS host=radiussrv port=radius key="shared secret" pencoding=ISO-8859-1 timeout=1000 retry=2 bhost=radiussrv bport=radius bkey="other shared secret" bencoding=UTF-8 btimeout=500 bretry=0 VSAusergroup=1
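
What MsgAuthenticatorRequired demands of a server response, as an added Python example (not the firewall's code and not part of the original reference): it follows the Message-Authenticator definition in RFC 3579, an HMAC-MD5 keyed with the shared secret. All function and parameter names are assumptions of this example, and build_response only constructs sample packets.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 3579)

def attributes(packet):
    """Yield (type, value_offset, value) for each attribute after the header."""
    pos = 20
    while pos < len(packet):
        if pos + 2 > len(packet) or not 2 <= packet[pos + 1] <= len(packet) - pos:
            raise ValueError("malformed attribute")
        yield packet[pos], pos + 2, packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def check_response(packet, request_auth, secret, required=True):
    """Return (ok, reason); request_auth is the request's 16-byte authenticator."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False, "bad length"
    # Response Authenticator = MD5(code+id+length+RequestAuth+attributes+secret)
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, "bad response authenticator"
    try:
        found = [(off, val) for t, off, val in attributes(packet) if t == MSG_AUTH]
    except ValueError as exc:
        return False, str(exc)
    if not found:  # the case MsgAuthenticatorRequired=1 is described as rejecting
        return (False, "message-authenticator missing") if required else (True, "ok (unsigned)")
    off, val = found[0]
    if len(val) != 16:
        return False, "bad message-authenticator length"
    # HMAC-MD5 over the packet with the Request Authenticator in the header
    # and the Message-Authenticator value replaced by 16 zero bytes.
    zeroed = packet[:4] + request_auth + packet[20:off] + bytes(16) + packet[off + 16:]
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(mac, val):
        return False, "bad message-authenticator"
    return True, "ok"

def build_response(code, ident, request_auth, secret, attrs=b"", sign=True):
    """Constructed stand-in for a server, used only to make sample packets."""
    body = (bytes([MSG_AUTH, 18]) + bytes(16) if sign else b"") + attrs
    head = bytes([code, ident]) + struct.pack("!H", 20 + len(body))
    if sign:
        mac = hmac.new(secret, head + request_auth + body, hashlib.md5).digest()
        body = bytes([MSG_AUTH, 18]) + mac + attrs
    return head + hashlib.md5(head + request_auth + body + secret).digest() + body
```

With required=False the unsigned response passes on the Response Authenticator alone, which is the behaviour MsgAuthenticatorRequired=1 rules out.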