Dell PowerConnect W Clearpass 100 Software External Authentication Servers Sof - Page 11



Amigopod | Technical Note External Authentication Servers | 11

Authorization for External Authentication Servers

When a RADIUS Access-Request for a particular user is handled using an external authentication server, the user’s authorization is determined by the Authorization settings for that server.

The RADIUS Authentication diagnostic can be used to demonstrate the difference between the various authorization methods.

To use the diagnostic, navigate to RADIUS > Server Control and click the Test RADIUS Authentication command link. Enter the username and password for a user that is externally authenticated.

Click the Run button to perform RADIUS authentication and display the results:

• With authorization method No authorization – Authenticate only:

    Sending Access-Request of id 165 to 127.0.0.1 port 1812
        User-Name = "demouser"
        User-Password = "XXXXXXXX"
    rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=165, length=20

  Note that in this case, no RADIUS attributes are returned. The Access-Accept or Access-Reject result indicates whether the user was successfully authenticated.

• With authorization method Assign a fixed user role:

    Sending Access-Request of id 122 to 127.0.0.1 port 1812
        User-Name = "demouser"
        User-Password = "XXXXXXXX"
    rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=122, length=27
        Reply-Message = "Guest"

  Note that in this case, the RADIUS attribute returned (Reply-Message) corresponds to the user role selected.
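
The two length values in the diagnostic output follow from the RADIUS packet layout: length=20 is the bare header, and length=27 adds a 7-byte Reply-Message attribute carrying "Guest". The sketch below is an added example, not part of the Amigopod technical note; it validates and parses such replies per RFC 2865, and the shared secret, request authenticator and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2    # RFC 2865 packet code
REPLY_MESSAGE = 18   # RFC 2865 attribute type

def build_reply(code, ident, request_auth, secret, attrs=()):
    """Build a reply as a RADIUS server would; used here only to make sample data."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body

def parse_reply(packet, request_auth, secret):
    """Validate a reply and return (code, id, length, [(type, value), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("Length field does not fit the datagram")
    body = packet[20:length]          # octets past Length are padding
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    attrs, pos = [], 0
    while pos < len(body):
        if pos + 2 > len(body) or body[pos + 1] < 2 or pos + body[pos + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs.append((body[pos], body[pos + 2:pos + body[pos + 1]]))
        pos += body[pos + 1]
    return code, ident, length, attrs

def role_of(attrs):
    """Role name carried in Reply-Message, or None for authenticate-only replies."""
    for atype, value in attrs:
        if atype == REPLY_MESSAGE:
            return value.decode("utf-8")
    return None

# Constructed sample data: the request authenticator and shared secret are made up.
REQ_AUTH = bytes(range(16))
SECRET = b"constructed-secret"
AUTH_ONLY = build_reply(ACCESS_ACCEPT, 165, REQ_AUTH, SECRET)
FIXED_ROLE = build_reply(ACCESS_ACCEPT, 122, REQ_AUTH, SECRET, [(REPLY_MESSAGE, b"Guest")])

if __name__ == "__main__":
    for pkt in (AUTH_ONLY, FIXED_ROLE):
        code, ident, length, attrs = parse_reply(pkt, REQ_AUTH, SECRET)
        print(f"code={code} id={ident} length={length} role={role_of(attrs)}")
```

A client that maps Reply-Message to a role should reject any reply that fails the authenticator check, since the role value is otherwise unauthenticated.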