Dell PowerConnect W Clearpass 100 Software 3.9 Deployment Guide - Page 172
Server Control, RADIUS Services
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 172 highlights
Use role assigned to local user is the only authorization method available for the local user database. If the user's authentication attempt is successful, the RADIUS server will respond with an Access-Accept message that includes the RADIUS attributes defined for the user's role. Use the common name of the client certificate to match a local user account may be specified for users authenticated via EAP-TLS on a client's local certificate server. Use attributes from Proxy RADIUS server is an authorization method available only for Proxy RADIUS servers. The RADIUS attributes returned by the external RADIUS server are returned unmodified. Assign a fixed user role may be used to assign all authenticated users to a particular user role. If the user's authentication attempt is successful, the RADIUS server will respond with an Access-Accept message that includes the RADIUS attributes defined for the fixed role that has been selected for this authentication server. Use PHP code to assign a user role (Advanced) may be selected to return a role ID for users authenticated via EAP-TLS on a client's local certificate server. The PHP authorization code is entered on the Edit Authentication Server form. The RADIUS Authentication diagnostic can be used to demonstrate the difference between the various authorization methods. To use the diagnostic, navigate to RADIUS Services > Server Control and click the Test RADIUS Authentication command link. Enter the username and password for a user that is externally authenticated. Click the Run button to perform RADIUS authentication and display the results: With authorization method No authorization - Authenticate only: Sending Access-Request of id 165 to 127.0.0.1 port 1812 User-Name = "demouser" User-Password = "XXXXXXXX" rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=165, length=20 Note that in this case, no RADIUS attributes are returned. The Access-Accept or Access-Reject result indicates whether the user was successfully authenticated. 172 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide