SunScreen 3.2 Administration Guide

Configuring RADIUS Authentication

A typical RADIUS configuration uses two Screens, each of which protects the site. With multiple sites, a given site may use the RADIUS server of another site as a backup.

To Configure RADIUS Authentication
  1. Identify the RADIUS servers:


    # ssadm edit Policy
    edit> vars add prg=auth name=RADIUSServers 
    VALUES={ host=radius_server_name }   
    DESCRIPTION="RADIUS server name(s) or addresses to query"
    

  2. Add the node secret used by the RADIUS protocol to secure traffic between the RADIUS client and server:


    # ssadm edit Policy
    edit> vars add sys=screen_name prg=auth 
    name=RADIUSNodeSecret VALUE="xxxxxxxx"
    

    Where xxxxxxxx is the RADIUS Node Secret.

  3. Add a rule to allow the SunScreen machine to communicate with the RADIUS servers:


    # ssadm edit Policy
    edit> add rule radius EFS_hostname radius_server_name ALLOW
    edit> save
    # ssadm activate Policy
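
The following is an added example, not part of the SunScreen guide or its tooling. It shows how the node secret set in step 2 authenticates a RADIUS reply: per RFC 2865 the client recomputes the Response Authenticator, MD5(Code + ID + Length + Request Authenticator + Attributes + Secret), and discards any reply that does not match. The function names, secret, request authenticator and attribute are hypothetical, constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2                              # RADIUS code for Access-Accept
SECRET = b"constructed-node-secret"            # constructed sample value
REQUEST_AUTH = bytes(range(16))                # constructed; real clients use 16 random octets
REPLY_ATTRS = bytes([18, 9]) + b"welcome"      # constructed Reply-Message (attribute type 18)


def build_response(code, ident, request_auth, attrs, secret):
    """Server side: Code, ID, Length, Response Authenticator, Attributes."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def verify_response(packet, ident, request_auth, secret):
    """Client side: accept a reply only if it matches our request and our secret."""
    if len(packet) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or length < 20 or length > len(packet):
        return False                           # wrong request, or truncated packet
    packet = packet[:length]                   # octets past Length are padding
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    # Constant-time comparison of the 16-octet authenticator field.
    return hmac.compare_digest(expected, packet[4:20])


def demo():
    reply = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, REPLY_ATTRS, SECRET)
    tampered = reply[:-1] + bytes([reply[-1] ^ 0x01])
    return {
        "matching secret": verify_response(reply, 7, REQUEST_AUTH, SECRET),
        "mismatched secret": verify_response(reply, 7, REQUEST_AUTH, b"other-secret"),
        "tampered attribute": verify_response(tampered, 7, REQUEST_AUTH, SECRET),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'discarded'}")
```

A secret that differs between the Screen and the RADIUS server makes every reply fail this check, so the same value must be entered on both sides.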