Use this dialog box to specify a RADIUS server the appliance can use for authentication.
NOTE: Port 1812 is the default RADIUS server port; however, Novell's RADIUS server defaults to port 1645. A different default port can be specified when the Novell RADIUS server is loaded.
RADIUS server address
The IP address of the RADIUS server.
RADIUS server listening port
The port number on which the RADIUS server listens for incoming authentication requests.
RADIUS server shared secret
The string the RADIUS server uses to verify that the appliance can request authentication of users.
RADIUS server reply time in seconds
The total time the appliance will wait for a response from the RADIUS server before
authentication fails. The default is 7 seconds.
RADIUS server resend time in seconds
The interval in seconds between appliance requests to the RADIUS server. The default is
2 seconds. This means that the appliance could send three requests before the 7-second
default limit expires and the authentication request fails.
User search base(s) for all RADIUS profiles
This field has meaning solely for non-Novell RADIUS applications. iChain 2.0 supports
RADIUS authentication via the RADIUS server supplied by Novell or a RADIUS server
supplied by third-party vendors. The Novell RADIUS server uses NDS eDirectory 8.5 as
the underlying database for storing user objects.
If the Novell RADIUS server is running on the iChain authorization server, it has the
ability to indicate the fully distinguished name of the user object that was
authenticated via RADIUS. iChain must use the fully distinguished name of the user
in order to perform ACL rights checking when accessing a protected resource.
A RADIUS server provided by a vendor other than Novell will store user objects in
its own database. iChain must be able to map this third-party name to a user object
stored in NDS eDirectory 8.5 on the authorization server in order to determine whether the
user has rights to the protected resource he or she is attempting to access. This is
done by performing an LDAP subtree search on the authorization server for the user name
entered on the iChain login dialog.
The implication here is that an eDirectory user object must be created on the authorization
server whose CN is the same as the RADIUS user name and it must appear hierarchically in
the tree somewhere below the container specified by the search base (or search bases)
entered in this field.
NOTE: This search base will apply to ALL RADIUS authentication profiles stored on a
proxy server, i.e., if a search base is entered or deleted for one RADIUS profile
it is added or deleted for all RADIUS profiles.
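The name mapping described above, modeled as an added example (not Novell or iChain code). The directory entries, search bases and function names are constructed, the bare `(cn=...)` filter is an assumption, and rejecting zero or multiple matches is this example's choice rather than documented iChain behavior.

```python
# Constructed directory: simple DNs with no escaped commas (an assumption of this example).
DIRECTORY = [
    'cn=jsmith,ou=sales,o=acme',
    'cn=jsmith,ou=contractors,o=acme',
    'cn=mlee,ou=sales,o=acme',
    'cn=admin,o=acme',
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot change the filter."""
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch for ch in value)

def build_filter(username):
    """Filter a real LDAP subtree search would carry for this login name."""
    return '(cn=%s)' % escape_filter_value(username)

def parse_dn(dn):
    """Split a simple DN into lower-cased (attribute, value) pairs."""
    return [tuple(p.strip().lower() for p in rdn.split('=', 1)) for rdn in dn.split(',')]

def is_below(dn, base):
    """True when dn sits somewhere below the search base container."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) > len(b) and d[-len(b):] == b

def map_radius_user(username, search_bases, directory):
    """Return the one DN whose CN equals the RADIUS user name under any search base.

    The ACL check runs against the returned DN, so an ambiguous name is
    rejected here instead of silently picking one of the matches.
    """
    name = username.strip().lower()
    hits = sorted({dn for dn in directory for base in search_bases
                   if is_below(dn, base) and parse_dn(dn)[0] == ('cn', name)})
    if len(hits) != 1:
        raise LookupError('%d matches for %r' % (len(hits), username))
    return hits[0]

if __name__ == '__main__':
    print(build_filter('*)(cn=admin'))
    print(map_radius_user('mlee', ['o=acme'], DIRECTORY))
    print(map_radius_user('jsmith', ['ou=sales,o=acme'], DIRECTORY))
```

A search base as broad as `o=acme` makes `jsmith` ambiguous in this sample tree, while `ou=sales,o=acme` resolves it to a single object.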