The RADIUSNodeSecret variable specifies a character string to use for security and authenticity when interacting with the configured RADIUS server(s). Because of the way RADIUS operates, only the RADIUS Requestors have node secrets (not the servers).
The same value configured for "RADIUSNodeSecret" must also be introduced into each RADIUS server through its own configuration mechanism. (For obvious reasons, this should be done in an out-of-band fashion.)
The "RADIUSNodeSecret" variable is normally Screen-specific. It contains the following items:
sys=screen (optional)
prg=auth
name=RADIUSNodeSecret
value="nodesecret" (node secret string)
description="descriptive text" (optional)
enabled | disabled (default is enabled)
In multiple-Screen installations, the sys= item allows you to configure different node secrets for each Screen.
Because shortcuts were taken by some reference implementations, a common deficiency in RADIUS servers is improper handling of node secrets that are longer than 31 characters. If you intend to use longer values, you should first determine that your server(s) can handle them correctly.
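One way to make that determination is to check the Response Authenticator of a reply from the server against the full node secret, using the RFC 2865 formula. The following is an added example, not part of this product or its documentation. It assumes the failure mode is truncation of the secret to 31 characters, which this page does not state; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    """Build a constructed reply, standing in for a packet captured from a server."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def classify_reply(reply, request_auth, secret, limit=31):
    """Return 'full', 'truncated' or 'mismatch' for a raw RADIUS reply."""
    if len(reply) < 20:
        return "mismatch"
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length < 20 or length > len(reply):
        return "mismatch"
    got, attrs = reply[4:20], reply[20:length]
    # Try the full secret first, then the assumed 31-character truncation.
    candidates = [("full", secret)]
    if len(secret) > limit:
        candidates.append(("truncated", secret[:limit]))
    for label, candidate in candidates:
        expected = response_authenticator(code, ident, attrs, request_auth, candidate)
        if hmac.compare_digest(got, expected):
            return label
    return "mismatch"

# Constructed sample values, not taken from any real deployment.
NODE_SECRET = b"constructed-node-secret-of-40-characters"
REQUEST_AUTH = bytes(range(16))          # Request Authenticator sent by the requestor
ATTRS = bytes([18, 4]) + b"ok"           # Reply-Message attribute (type 18)

if __name__ == "__main__":
    good = build_reply(2, 7, ATTRS, REQUEST_AUTH, NODE_SECRET)
    bad = build_reply(2, 7, ATTRS, REQUEST_AUTH, NODE_SECRET[:31])
    print(classify_reply(good, REQUEST_AUTH, NODE_SECRET))
    print(classify_reply(bad, REQUEST_AUTH, NODE_SECRET))
```

A result of "truncated" or "mismatch" for a server configured with the long secret indicates that the server should be given a node secret of 31 characters or fewer.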
Once Addresses, Rules, and variables have been established, the configuration must be activated to propagate the changes.