Configuring Radius Authentication¶

You can configure radius authentication to add servers to log into Logpoint using Radius authentication. You can also select Logpoint user group as the default role and map the roles to define access permission.

Go to Settings >> System Settings from the navigation bar and click Plugins.
Find Radius Authentication and click Manage.
Click ADD SERVER.
Enter the IP Address of the RADIUS Server.
Enter the Secret passphrase of the RADIUS server.
Set the Priority, 1 being the highest.

RADIUS Server Information¶

Click Save.
In DEFAULT SETTINGS, Select a Logpoint user group as the Default Role.
Enter the Role Attribute.

Default Settings¶

Click Save.

Mapping Roles¶

You can map roles of the radius server to a Logpoint user group to define access permission in Logpoint.

Go to Settings >> System Settings from the navigation bar and click Plugins.
Find Radius Authentication and click Manage.
Click ROLES MAPPING.

In Radius Role, enter the role of the user in the radius server.

Select a Logpoint User Group to assign to the Radius role.
Click Add. A table lists the mapped RADIUS roles and LogPoint user groups. You can edit or delete the added role mappings from the table.

RADIUS Group Mapping¶

Click Submit.

Importing Roles Map¶

A roles map file contains the mapping of RADIUS users with their respective RADIUS roles in a Comma Separated Value (CSV) file. To assign multiple roles to a user, separate the roles by a colon (:) in the roles map file.

Roles Map File (CSV)¶

CSV files must be created without a header row. If a header is included, it will be processed as a valid RADIUS role entry.

To import a roles map file:

Click Import Roles Map.
Browse the roles map file (CSV).
Click Submit.

Importing Dictionary¶

The RADIUS dictionary file maps the attribute numbers in the RADIUS packet to a descriptive name. Using the dictionary, you can define data types for different attributes or define new attributes of the RADIUS packets.

Radius Authentication includes a dictionary file by default but you can also import a vendor-specific dictionary file.

To import a dictionary in the Radius Authentication:

Go to Settings >> System Settings from the navigation bar and click Plugins.
Find Radius Authentication and click Manage.
Click IMPORT DICTIONARY.
Browse and open the dictionary file. The name of the dictionary file must be dictionary.
Click Submit.

You can find the default dictionary of the Radius Authentication at:

/opt/immune/installed/webserver/pluggables/modules/Authentication/apps/RadiusAuthentication/utils/dictionary

The default dictionary file consists of:

#
# Version $Id: dictionary,v 1.1.1.1 2002/10/11 12:25:39 wichert Exp $
#
#   This file contains dictionary translations for parsing
#   requests and generating responses.  All transactions are
#   composed of Attribute/Value Pairs.  The value of each attribute
#   is specified as one of 4 data types.  Valid data types are:
#
#   string  - 0-253 octets
#   ipaddr  - 4 octets in network byte order
#   integer - 32 bit value in big endian order (high byte first)
#   date    - 32 bit value in big endian order - seconds since
#                                   00:00:00 GMT,  Jan.  1,  1970
#
#   FreeRADIUS includes extended data types which are not defined
#   in RFC 2865 or RFC 2866.  These data types are:
#
#   abinary - Ascend's binary filter format.
#   octets  - raw octets, printed and input as hex strings.
#             e.g.: 0x123456789abcdef
#
#
#   Enumerated values are stored in the user file with dictionary
#   VALUE translations for easy administration.
#
#   Example:
#
#   ATTRIBUTE         VALUE
#   ---------------   -----
#   Framed-Protocol = PPP
#   7               = 1     (integer encoding)
#

#
#   Include compatibility dictionary for older users file. Move this
#   directive to the end of the file if you want to see the old names
#   in the logfiles too.
#
#$INCLUDE dictionary.shasta
#$INCLUDE dictionary.shiva
#$INCLUDE dictionary.tunnel
#$INCLUDE dictionary.usr
#$INCLUDE dictionary.versanet
#$INCLUDE dictionary.erx
#$INCLUDE dictionary.freeradius
#$INCLUDE dictionary.alcatel

#
#       Following are the proper new names. Use these.
#
ATTRIBUTE       User-Name               1       string
ATTRIBUTE       User-Password           2       string
ATTRIBUTE       CHAP-Password           3       octets
ATTRIBUTE       NAS-IP-Address          4       ipaddr
ATTRIBUTE       NAS-Port                5       integer
ATTRIBUTE       Service-Type            6       integer
ATTRIBUTE       Framed-Protocol         7       integer
ATTRIBUTE       Framed-IP-Address       8       ipaddr
ATTRIBUTE       Framed-IP-Netmask       9       ipaddr
ATTRIBUTE       Framed-Routing          10      integer
ATTRIBUTE       Filter-Id               11      string
ATTRIBUTE       Framed-MTU              12      integer
ATTRIBUTE       Framed-Compression      13      integer
ATTRIBUTE       Login-IP-Host           14      ipaddr
ATTRIBUTE       Login-Service           15      integer
ATTRIBUTE       Login-TCP-Port          16      integer
ATTRIBUTE       Reply-Message           18      string
ATTRIBUTE       Callback-Number         19      string
ATTRIBUTE       Callback-Id             20      string
ATTRIBUTE       Framed-Route            22      string
ATTRIBUTE       Framed-IPX-Network      23      ipaddr
ATTRIBUTE       State                   24      octets
ATTRIBUTE       Class                   25      octets
ATTRIBUTE       Vendor-Specific         26      octets
ATTRIBUTE       Session-Timeout         27      integer
ATTRIBUTE       Idle-Timeout            28      integer
ATTRIBUTE       Termination-Action      29      integer

Helpful?