Configuration
Steel-Belted Radius (Funk Software)
This is a guide to configuring RAS using a Radius server together with a BinTec BRICK router.
In this example the Brick already has an IP address, 195.45.204.53, configured in the setup tool. The Radius server is running on a Windows NT Workstation 4.0 machine, 194.45.204.16.
- Install the Radius software as a user with Administrator rights.
- Find out whether the Radius server is using port 1645 or 1812 for accounting.
- From Control Panel, start the corresponding service:
- Start the Steel-Belted Radius Administrator:
- and Connect...
- Configure the Brick as RAS-Client and add the shared secret:
- ADD a User:
The user name equals the PPP ID, the password the PAP/CHAP password.
- For a standard PPP user, it would look like this:
- On the Brick side, configure the Radius server with the setup tool, IP->Radius Server:
BIANCA/BRICK-XM Setup
Tool BinTec Communications GmbH
[IP][RADIUS][EDIT]: Configure Radius Server brick3
_______________________________________________________________________________
Protocol auth
IP Address 194.45.204.16
Password test
Priority 0
Policy authoritative
Port 1645
Timeout 1000
Retries 1
State active
SAVE CANCEL
_______________________________________________________________________________
Enter string, max length = 48 charsa
You can also configure priorities, policy, and so on; please refer to the corresponding release note.
- If you want to use BinTec-specific attributes, you need to edit some files located in the Radius\Service directory. The radius.ini file:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; RADIUS.INI file - Version 1.30 (25 July 1997)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; This file defines operational characteristics of Funk Software's Steel-Belted
; Radius server and defines a list of NAS (Network Access Servers)
; for use by the server.
;
; The supported options for each section of the RADIUS.INI file are described
; below:
;
; [Configuration]
;
; This section of the RADIUS.INI file contains options for the operational
; characteristics of the Steel-Belted Radius server. Supported options
; include:
;
; LogLevel = 0 (default), 1 (more details) or 2 (verbose)
;
; TraceLevel = 0 (default), 1 (includes parsed packet
; contents in log file) or 2 (includes raw
; packet contents in log file
;
; Allow-Unmasked-Password = If 'yes' then admin program will be able to
; display previously entered passwords.
; The default is 'no'.
;
; Allow-Unmasked-Secret = If 'yes' then admin program will be able to
; display previously entered shared secrets.
; The default is 'no'.
;
; PrivateDir = Location of the private directory. For the
; NT version of Steel-Belted Radius, it
; defaults to the location of server executable
; file (typically c:\radius\service). For the
; NetWare version of Steel-Belted Radius, it
; defaults to 'SYS:\RADDB'.
;
;
; [Vendor-Product Identification]
;
; The characteristics of each vendor's RADIUS-compatible product are
; described in this section. Each vendor product definition begins with
; a "vendor-product" line and continues with one or more of the additional
; optional characteristics listed below:
;
; vendor-product = NAS vendor name or product that appears in the
; pull-down list when adding a new RAS client.
;
; discard-after = Discards portion of username after the
; designated character (as well as the character
; itself) used by inbound Proxy Radius servers.
;
; discard-before = Discards portion of username before the
; designated character (as well as the character
; itself) used by inbound Proxy Radius servers.
;
; ignore-ports = If 'no' then duplicate port number will remove
; an entry from the active list (accounting only).
; The default is 'no'.
;
; port-number-usage = If 'per-port-type' then duplicate port number/
; port type will remove an entry from the active
; list (accounting only). If 'Unique' then
; duplicate port type will remove an entry from
; the active list; essentially port type will be
; ignored in the determination of accounting
; duplicates.
;
; send-class-attribute = If 'no' then no class attribute is sent by
; the server.
;
; help-id = help context for vendor's product in the vendor
; information help file
;
; Note: Vendor Products which have *not* been tested by Bay Networks
; are marked with an asterisk (*) and are assumed to use standard RADIUS.
; They are included here in order for users to take advantage of the
; Vendor-Specific attribute, if made available by the vendor.
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[Configuration]
LogLevel = 0
TraceLevel = 0
Allow-Unmasked-Password = no
Allow-Unmasked-Secret = no
#PrivateDir = C:\radius\service
[Vendor-Product Identification]
vendor-product = 3COM AccessBuilder
dictionary = AccessBd
ignore-ports = no
port-number-usage = per-port-type
help-id = 0081
vendor-product = ADC Kentrox Pacesetter *
dictionary = Paceset
ignore-ports = no
port-number-usage = per-port-type
help-id = 0
vendor-product = Access Beyond RAM Rack
dictionary = RAMRack
ignore-ports = no
port-number-usage = per-port-type
help-id = 0005
vendor-product = ACC Tigris and Amazon Servers
dictionary = ACC
ignore-ports = no
port-number-usage = per-port-type
help-id = 0082
vendor-product = Ascend MAX Family
dictionary = Ascend
ignore-ports = no
port-number-usage = per-port-type
help-id = 0008
vendor-product = Aventail
dictionary = Radius
ignore-ports = no
port-number-usage = per-port-type
help-id = 0050
vendor-product = Bay Networks Remote Annex
dictionary = Annex
ignore-ports = no
port-number-usage = per-port-type
help-id = 0011
vendor-product = Bay Networks Nautica Series
dictionary = Nautica
ignore-ports = no
port-number-usage = per-port-type
help-id = 0069
vendor-product = BBN Dialinx
dictionary = Dialinx
ignore-ports = no
port-number-usage = per-port-type
discard-after = @
help-id = 0015
vendor-product = Bintec Bianca Brick *
dictionary = Bintec
ignore-ports = no
port-number-usage = per-port-type
help-id = 0
vendor-product = CheckPoint FireWall-1
dictionary = FireWall
ignore-ports = no
port-number-usage = per-port-type
help-id = 0016
send-class-attribute = no
vendor-product = Cisco IOS 11.1
dictionary = Cisco
ignore-ports = no
port-number-usage = per-port-type
help-id = 0021
vendor-product = Cisco PIX Firewall
dictionary = Radius
ignore-ports = no
port-number-usage = per-port-type
help-id = 0083
vendor-product = Compatible Systems *
dictionary = Compatib
ignore-ports = no
port-number-usage = per-port-type
help-id = 0
vendor-product = CompuTone PowerRack
dictionary = Computon
ignore-ports = no
port-number-usage = per-port-type
help-id = 0024
vendor-product = Concentric RemoteLink Service
dictionary = Annex
ignore-ports = no
port-number-usage = per-port-type
discard-after = @
help-id = 0064
vendor-product = Digi LANAserver
dictionary = LANAsevr
ignore-ports = no
port-number-usage = per-port-type
help-id = 0027
vendor-product = Gandalf XpressConnect
dictionary = Gandalf
ignore-ports = no
port-number-usage = per-port-type
send-class-attribute = no
help-id = 0030
vendor-product = Kasten Chase Optiva *
dictionary = Optiva
ignore-ports = no
port-number-usage = per-port-type
help-id = 0
vendor-product = Lantronix LRS *
dictionary = LRS
ignore-ports = no
port-number-usage = per-port-type
help-id = 0053
vendor-product = LeeMah Bandwagon *
dictionary = Bandwagn
ignore-ports = no
port-number-usage = per-port-type
help-id = 0
vendor-product = Livingston PortMaster
dictionary = PortMstr
ignore-ports = no
port-number-usage = per-port-type
help-id = 0053
vendor-product = MichNet Shared Dial-in
dictionary = Ascend
ignore-ports = no
port-number-usage = per-port-type
discard-after = @
help-id = 0068
vendor-product = Microsoft RRAS for Windows NT (Steelhead)
dictionary = Radius
ignore-ports = no
port-number-usage = per-port-type
help-id = 0
vendor-product = Proteon GT-Secure *
dictionary = GTSecure
ignore-ports = no
port-number-usage = per-port-type
help-id = 0
vendor-product = RADLINX PASSaPORT *
dictionary = Passaprt
ignore-ports = no
port-number-usage = per-port-type
help-id = 0
vendor-product = Raptor Eagle
dictionary = Eagle
ignore-ports = no
port-number-usage = per-port-type
help-id = 0036
vendor-product = Shiva LanRover/AccessSwitch
dictionary = Shiva
ignore-ports = no
port-number-usage = per-port-type
discard-before = /
help-id = 0039
vendor-product = Telebit NetBlazer
dictionary = NetBlazr
ignore-ports = no
port-number-usage = per-port-type
help-id = 0043
vendor-product = US Robotics NETServer
dictionary = Netservr
ignore-ports = no
port-number-usage = per-port-type
ignore-acct-ss = yes
help-id = 0046
vendor-product = UUNet VIP Service
dictionary = Ascend
ignore-ports = no
port-number-usage = per-port-type
discard-before = /
help-id = 0058
vendor-product = Zoom TribeLink *
dictionary = Tribelnk
ignore-ports = no
port-number-usage = per-port-type
help-id = 0
vendor-product = - Standard Radius -
dictionary = Radius
ignore-ports = yes
help-id = 0
- Then you have to copy the dictiona.dcm file:
################################################################################
# dictiona.dcm
################################################################################
# Generic Radius
@radius.dct
#
# Specific Implementations (vendor specific)
#
@acc.dct
@accessbd.dct
@annex.dct
@ascend.dct
@bandwagn.dct
@bintec.dct
@cisco.dct
@compatib.dct
@computon.dct
@dialinx.dct
@eagle.dct
@firewall.dct
@gandalf.dct
@gtsecure.dct
@lanasevr.dct
@lrs.dct
@nautica.dct
@netblazr.dct
@netservr.dct
@optiva.dct
@paceset.dct
@passaprt.dct
@portmstr.dct
@ramrack.dct
@shiva.dct
@tribelnk.dct
################################################################################
# dictiona.dcm
################################################################################
- Last step is to insert the BinTec Radius dictionary file
(bintec.dct):
############################################################################
#
# RADIUS dictionary file
#
# (c) 1997 BinTec Communications GmbH
# Version 1.4
#
@radius.dct
#
# BinTec Extensions
#
ATTRIBUTE BinTec-biboPPPTable 224 string R
ATTRIBUTE BinTec-biboDialTable 225 string R
ATTRIBUTE BinTec-ipExtIfTable 226 string R
ATTRIBUTE BinTec-ipRouteTable 227 string R
ATTRIBUTE BinTec-ipExtRtTable 228 string R
ATTRIBUTE BinTec-ipNatPresetTable 229 string R
ATTRIBUTE BinTec-ipxCircTable 230 string R
ATTRIBUTE BinTec-ripCircTable 231 string R
ATTRIBUTE BinTec-sapCircTable 232 string R
ATTRIBUTE BinTec-ipxStaticRouteTable 233 string R
ATTRIBUTE BinTec-ipxStaticServTable 234 string R
#
# Framed Protocols
#
VALUE Framed-Protocol PPP 1
VALUE Framed-Protocol SLIP 2
VALUE Framed-Protocol X25 17825794
VALUE Framed-Protocol X25-PPP 17825795
VALUE Framed-Protocol IP-LAPB 17825796
VALUE Framed-Protocol IP-HDLC 17825798
VALUE Framed-Protocol MPR-LAPB 17825799
VALUE Framed-Protocol MPR-HDLC 17825800
VALUE Framed-Protocol FRAME-RELAY 17825801
VALUE Framed-Protocol X31-BCHAN 17825802
VALUE Framed-Protocol X75-PPP 17825803
VALUE Framed-Protocol X75BTX-PPP 17825804
VALUE Framed-Protocol X25-NOSIG 17825805
VALUE Framed-Protocol X25-PPP-OPT 17825806
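An added example (not part of the original guide and not BinTec or Funk code): a small parser for the dictionary format shown above, run over an excerpt of the bintec.dct listing. It classifies each attribute number by the ranges given in RFC 2865 section 5 and splits the extended Framed-Protocol values into their upper and lower 16 bits; all function names are chosen here.

```python
# Excerpt of the bintec.dct listing above (not the whole file).
BINTEC_DCT = """\
# BinTec Extensions
@radius.dct
ATTRIBUTE BinTec-biboPPPTable 224 string R
ATTRIBUTE BinTec-biboDialTable 225 string R
ATTRIBUTE BinTec-ipxStaticServTable 234 string R
VALUE Framed-Protocol PPP 1
VALUE Framed-Protocol X25 17825794
VALUE Framed-Protocol X25-PPP-OPT 17825806
"""

RANGES = [(1, 191, "standard"), (192, 223, "experimental"),
          (224, 240, "implementation-specific"), (241, 255, "reserved")]

def parse_dct(text):
    """Return (includes, attributes, values) parsed from .dct text."""
    includes, attributes, values = [], {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("@"):
            includes.append(line[1:])     # "@radius.dct" pulls in another file
            continue
        f = line.split()
        if f[0] == "ATTRIBUTE" and len(f) >= 4 and f[2].isdigit():
            attributes[int(f[2])] = (f[1], f[3], f[4] if len(f) > 4 else "")
        elif f[0] == "VALUE" and len(f) == 4 and f[3].isdigit():
            values.setdefault(f[1], {})[f[2]] = int(f[3])
        else:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
    return includes, attributes, values

def rfc2865_range(number):
    """Classify an attribute type number per RFC 2865 section 5."""
    return next((n for lo, hi, n in RANGES if lo <= number <= hi), "invalid")

def split_value(value):
    """Split a 32-bit enumerated value into (upper 16 bits, lower 16 bits)."""
    return value >> 16, value & 0xFFFF

if __name__ == "__main__":
    includes, attributes, values = parse_dct(BINTEC_DCT)
    for num, (name, typ, flags) in sorted(attributes.items()):
        print(num, name, typ, rfc2865_range(num))
    for name, v in values["Framed-Protocol"].items():
        print(name, v, "-> upper=0x%04x lower=%d" % split_value(v))
```

The BinTec table attributes land in the implementation-specific range, so the server interprets them correctly only for a RAS client that is mapped to the Bintec dictionary in radius.ini.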
- Now, if you add an attribute, you should see the included BinTec attributes:
- You do not have to use BinTec attributes; sometimes standard attributes work as well, e.g. for a callback you can use the standard attribute:
- ...otherwise set the value of Callback in the BinTec ppptable, and set the callback number and the direction (outgoing) in the dialtable:
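How the shared secret configured on both sides is used on the wire, as an added example (not from the original guide, and not Funk or BinTec code): it follows RFC 2865 to hide a PAP password in an Access-Request and to check the Response Authenticator of a reply. It assumes the setup tool's Password field (`test`) holds the shared secret; the user name, PAP password and the mismatched secret `tset` are constructed.

```python
import hashlib, hmac, os, struct

SECRET = b"test"  # assumed: the "Password" field on the Brick setup screen

def _xor_chain(data, secret, req_auth, hiding):
    # RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous
    # ciphertext block); the Request Authenticator seeds the first block.
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, mask))
        prev = res if hiding else block
        out += res
    return out

def hide_password(password, secret, req_auth):
    blocks = max(1, -(-len(password) // 16))   # pad to a multiple of 16 bytes
    return _xor_chain(password.ljust(blocks * 16, b"\0"), secret, req_auth, True)

def unhide_password(hidden, secret, req_auth):
    return _xor_chain(hidden, secret, req_auth, False).rstrip(b"\0")

def attr(code, value):
    return struct.pack("!BB", code, len(value) + 2) + value

def access_request(ident, user, password, secret, req_auth):
    # Code 1 = Access-Request; attribute 1 = User-Name, 2 = User-Password.
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def build_reply(code, ident, attrs, req_auth, secret):
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def reply_is_authentic(reply, req_auth, secret):
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    want = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(want, reply[4:20])

if __name__ == "__main__":
    ra = os.urandom(16)                                    # Request Authenticator
    req = access_request(7, b"brickuser", b"pap-secret", SECRET, ra)  # constructed
    hidden = req[20 + 2 + len(b"brickuser") + 2:]          # User-Password value
    print("same secret recovers :", unhide_password(hidden, SECRET, ra))
    print("other secret recovers:", unhide_password(hidden, b"tset", ra))
    print("accept verifies:", reply_is_authentic(build_reply(2, 7, b"", ra, SECRET), ra, SECRET))
```

A secret mismatch between the Brick and the RAS-Client entry shows up exactly this way: the server recovers a garbage password and rejects the user, or the Brick discards a reply whose authenticator does not verify.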