Sun Java System Access Manager 6 2005Q1 Deployment Planning Guide 

Appendix F
Authenticate Against RADIUS Servers

Sun Java™ System Access Manager is able to authenticate users against a Remote Authentication Dial-In User Service (RADIUS) server. This appendix contains instructions to set up this deployment. It contains the following sections: Overview, RADIUS Server Configuration, and Access Manager Configuration.


Overview

RADIUS is an industry standard protocol used to provide authentication and authorization services. In this type of authentication, Access Manager, the client, sends RADIUS-formatted messages to a RADIUS server which authenticates and authorizes the request and sends back a RADIUS-formatted response.


RADIUS Server Configuration

The following procedures will allow an administrator to test Access Manager authentication against a RADIUS server.

  1. Add a user entry to the RADIUS server which will be used to test authentication.

    The following user information should be added to RADIUS_install/etc/raddb/users where Login-Host is the host and domain of the machine where Access Manager is running.

    Code Example F-1  RADIUS User Entry

    "Sample_User1" Password == "Password"
        User-Service-Type = Login-User,
        Login-Host = access_manager_host.domain_name,
        Login-Service = PortMaster

  2. Add the Access Manager Fully Qualified Domain Name (FQDN) or IP address to the RADIUS server.

    This client information is added to RADIUS_install/etc/raddb/clients. Ensure that the defined shared ‘secret’ is also added.

    Code Example F-2  RADIUS Client Entry

    191.18.18.111 <secret>
    ms.red.example.com <secret>

  3. Change to the RADIUS_install/sbin directory and restart the RADIUS server using the command:

    ./radiusd &


Access Manager Configuration

  1. Log in to Access Manager as amAdmin.
  2. Go to the top-level organization.
  3. Select Services from the View drop-down in the Navigation frame.
  4. If RADIUS is not a registered authentication service, then click Register....

    If RADIUS is already registered, go to Step 6.

  5. Select “RADIUS” from the Data frame and click Register.
  6. Click on the RADIUS properties arrow in the Navigation frame.

    If the template is not created, create it.

  7. Add the FQDN or IP address of the RADIUS Server in the RADIUS Server 1 field.
  8. Enter the shared secret used in Step 2 of RADIUS Server Configuration.
  9. Enter the RADIUS server’s port number and save the template’s changes.

    The default is 1645.

  10. Click on the Core properties arrow in the Navigation frame.
  11. Select RADIUS in the Organization Authentication Modules list and save the change.

    Caution

    In Step 11, be sure not to deselect LDAP when selecting RADIUS.

  12. Log out of the Access Manager console.
  13. Log in as Sample_User1 with the URL http://access_manager_host.domain_name:port/service_deploy_uri/UI/Login?module=RADIUS.
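
Why the shared secret in the RADIUS clients file and the one entered in the Access Manager RADIUS template must match, shown as an added example (not from the original guide or from Access Manager's code): under RFC 2865 the secret both hides the User-Password attribute in the request and authenticates the server's reply. The secret value and all function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2   # packet codes (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2        # attribute types

def _xor16(block, secret, prev):
    key = hashlib.md5(secret + prev).digest()
    return bytes(a ^ b for a, b in zip(block, key))

def hide_password(password, secret, req_auth):
    """Client: XOR the zero-padded password with an MD5(secret + prev) keystream."""
    padded = (password + b"\x00" * (-len(password) % 16)) or b"\x00" * 16
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = _xor16(padded[i:i + 16], secret, prev)
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    """Server: reverse hide_password; a mismatched secret yields garbage."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += _xor16(hidden[i:i + 16], secret, prev)
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def _attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user, password, secret, ident, req_auth=None):
    req_auth = req_auth or os.urandom(16)   # Request Authenticator: random per request
    attrs = _attr(USER_NAME, user) + _attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def build_response(code, request, secret, attrs=b""):
    """Server: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs

def verify_response(response, request, secret):
    """Client: accept a reply only if its ID and authenticator match this request."""
    length = struct.unpack("!H", response[2:4])[0] if len(response) >= 20 else 0
    if response[1:2] != request[1:2] or not 20 <= length <= len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:length] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

SECRET = b"constructed-shared-secret"   # constructed; stands in for <secret>
request = build_access_request(b"Sample_User1", b"Password", SECRET, ident=7)
reply = build_response(ACCESS_ACCEPT, request, SECRET)
```
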




Part No: 817-7644-10.   Copyright 2005 Sun Microsystems, Inc. All rights reserved.