RADIUS Server Configuration

The RADIUS Requestor learns of its RADIUS servers and node secret from the variables RADIUSServers and RADIUSNodeSecret, respectively.

TheRADIUSServers variable can either be global or Screen-specific.

It contains the following items:

• sys=Screen (optional)

• prg=auth

• name=RADIUSServers

• values={ host=server ... } --Address object names or IP addresses or both of one or more RADIUS servers

• description="descriptive text" (optional)

• enabled | disabled -- The default is enabled.

For multiple-Screen installations, there are at least two approaches for dealing with the possible need to have Screens use different RADIUS servers. One is to employ the SCREEN attribute on address objects with the same name, and then use a globalRADIUSServers variable. Another is to avoid the use of SCREEN attributes on address objects and instead use the sys= item to create Screen-specificRADIUSServers variables. Of course, combinations are also possible. Naturally, the logic prefers Screen-specific address objects and variables over global ones.

The address object or objects (referenced by server name in the above) can be GROUP, RANGE, or SINGLE. server can also be a dotted-quad IP address; however, avoid such usage unless required. The first eight unique IP addresses produced during processing of the variable are used.

Because of the way SunScreen represents address objects, use of GROUP or RANGE objects results in server usage that is ordered by ascending IP address. The preference order of server use can be controlled precisely by the order of the subitems in the values={...} of theRADIUSServers variable.