
Sun ONE Identity Server Deployment Guide

Appendix E
Authenticate Against RADIUS Servers

Sun™ ONE Identity Server can authenticate users against a Remote Authentication Dial-In User Service (RADIUS) server. This appendix contains instructions to set up this deployment. It contains the following sections: RADIUS Server Configuration and Identity Server Configuration.


RADIUS is an industry-standard protocol used to provide authentication and authorization services. In this type of authentication, Identity Server, acting as the client, sends RADIUS-formatted messages to a RADIUS server, which authenticates and authorizes the request and sends back a RADIUS-formatted response.

RADIUS Server Configuration

The following procedures will allow an administrator to test Identity Server authentication against a RADIUS server.

  1. Add a user entry to the RADIUS server which will be used to test authentication.

     The following user information should be added to RADIUS_install/etc/raddb/users where Login-Host is the host and domain of the machine where Identity Server is running.

    Code Example 5-35  RADIUS User Entry

    "Sample_User1" Password == "Password"
        User-Service-Type = Login-User,
        Login-Host = identity_server_host.domain_name,
        Login-Service = PortMaster

  2. Add the Identity Server Fully Qualified Domain Name (FQDN) or IP address to the RADIUS server.

     This client information is added to RADIUS_install/etc/raddb/clients. Ensure that the defined shared ‘secret’ is also added.

    Code Example 5-36  RADIUS Client Entry <secret> <secret>

  3. Change to the RADIUS_install/sbin directory and restart the RADIUS server using the command:

    ./radiusd &

Identity Server Configuration

  1. Log in to Identity Server as amAdmin.
  2. Go to the top-level organization.
  3. Select Services from the View drop-down in the Navigation frame.
  4. If RADIUS is not a registered authentication service, then click Register....

     If RADIUS is already registered, go to Step 6.

  5. Select "RADIUS" from the Data frame and click Register.
  6. Click on the RADIUS properties arrow in the Navigation frame.

     If the template is not created, create it.

  7. Add the FQDN or IP address of the RADIUS Server in the RADIUS Server 1 field.
  8. Enter the shared secret used in Step 2 of "RADIUS Server Configuration".
  9. Enter the RADIUS server’s port number and save the template’s changes.

     The default is 1645.

  10. Click on the Core properties arrow in the Navigation frame.
  11. Select RADIUS in the Organization Authentication Modules list and save the change.

    Caution

    In Step 11, be sure not to deselect LDAP when selecting RADIUS.

  12. Log out of the Identity Server console.
  13. Log in as Sample_User1 with the URL http://identity_server_host.domain_name:port/service_deploy_uri/UI/Login?module=RADIUS.


Copyright 2003 Sun Microsystems, Inc. All rights reserved.