Enable RADIUS |
Change NO to YES to enable RADIUS authentication. |
Name* |
The name is radius-auth |
Authentication type* |
Enter the authentication protocol that is supported by the RADIUS server. Either PAP, CHAP, MSCHAP1, OR MSCHAP2. |
Shared secret* |
Enter the RADIUS shared secret. |
Number of Authentication attempts allowed * |
Enter the maximum number of failed login attempts when using RADIUS to log in. The default is three attempts. |
Number of attempts to RADIUS server* |
Enter the total number of retry attempts. If the primary server does not respond, the service waits for the configured time before retrying again. |
Server Timeout in Seconds* |
Enter the RADIUS server timeout in seconds, after which a retry is sent if the RADIUS server does not respond. |
Radius Server Host name * |
Enter the host name or the IP address of the RADIUS server. |
Authentication Port* |
Enter the Radius authentication port number. The port is usually 1812. |
Realm Prefix |
(Optional) The user account location is called the realm. If you specify a realm prefix string, the string is placed at the beginning of the user name when the name is sent to the RADIUS server. For example, if the user name is entered as jdoe and the realm prefix DOMAIN-A\ is specified, the user name DOMAIN-A\jdoe is sent to the RADIUS server. If you do not configure these fields, only the user name that is entered is sent. |
Realm Suffix |
(Optional) If you configure a realm suffix, the string is placed at the end of the user name. For example, if the suffix is @myco.com, the user name [email protected] is sent to the RADIUS server. |
Name Id Suffix |
Enter the NameId as @somedomain.com. Is used to send additional content such as domain name to the RADIUS server or the RSA SecurID server. For example, if a user logs in as user1, then [email protected] is sent to the server. |
Login page passphrase hint |
Enter the text string to display in the message on the user login page to direct users to enter the correct Radius passcode. For example, if this field is configured with AD password first and then SMS passcode, the login page message would read Enter your AD password first and then SMS passcode. The default text string is RADIUS Passcode. |
Enable basic MS-CHAPv2 validation |
Change NO to YES to enable basic MS-CHAPv2 validation. If this option is set to YES, then the additional validation of response from the RADIUS server is skipped. By default, full validation will be performed. |
Enable secondary server |
Change NO to YES to configure a secondary RADIUS server for high availability. Configure the secondary server information as described in step 3. |