

Configuring LDAP Authentication for the RAD-Series RADIUS Server

The SRC software assumes that all RADIUS authentications are performed against the SDX LDAP directory. This section also applies to RAD-Series Server integration with a JUNOSe router if the RAD-Series RADIUS Server authenticates against an LDAP directory.

Configuring the RAD-Series Server Manager

The RAD-Series Server Manager configuration for the ProLDAP AATV is done through the authfile file, which is stored in the configuration directory /opt/aaa/etc. The configuration can be performed either manually by editing the authfile or through the Administration panes of the RAD-Series Server Manager; both the realm administration and the LDAP directory settings must be configured, as described in the following sections.

Administrators must create an entry in the authfile file for each realm name, using the following syntax:

realm     PROLDAP     description
{
Filter-Type bin | cis

Directory directory-1
{
Host dir1.host.com
Port port-number
Administrator directory-manager-dn
[Password directory-manager-password]
SearchBase realm-search-base-in-directory
Authenticate Auto | Bind | Search
}
...
}

where:

realm is the realm name that incoming logins are matched against; NULL matches logins that carry no realm.

description is a free-text label for the entry.

Filter-Type is bin or cis and sets the matching rule applied to the login name in the directory search filter (the names follow the older LDAP syntax abbreviations: binary, that is exact, or case-ignore string).

Directory introduces one LDAP server for the realm, identified by the name that follows it. Several Directory blocks can be listed in one realm entry; the second example below lists a primary and a backup directory.

Host and Port are the address and TCP port of that LDAP server. Port 389 is the standard cleartext LDAP port, so the Administrator bind password crosses the network unencrypted unless the connection is otherwise protected.

Administrator is the DN that the RADIUS server binds as; it must be able to search and read the subtree below SearchBase.

Password is the bind password for that DN. It is optional, and it is stored in cleartext in the authfile, so the file must be readable only by the account that the RADIUS server runs as.

SearchBase is the base DN of the subtree in which the users of this realm are searched.

Authenticate selects the authentication method: Auto, Bind, or Search. Both examples below use search.

The following authfile example shows the treatment of PPP logins without any realm (the NULL entry) and of logins with the realm name virneo.com.

# This is a realm entry for an LDAP Server with PROLDAP with NO Realm
#
NULL  PROLDAP Default-Setting
{
        Filter-Type BIN
        Directory SSC
        {
                Host 123.45.3.1
                Port 389
                Administrator "cn=umcadmin, o=umc"
                Password      "umc"
                SearchBase    "retailerName=default, o=users, o=umc"
                Authenticate  search
        }
}
# This is a realm entry for two LDAP servers with PROLDAP with realm virneo.com
#
virneo.com  PROLDAP Virneo-Setting
{
        Filter-Type BIN
        Directory virneo
        {
                Host 245.3.4.5
                Port 389
                Administrator "cn=umcadmin, o=umc"
                Password      "umc"
                SearchBase    "retailerName=SP, o=users, o=umc"
                Authenticate  search
        }
        Directory virneo-backup
        {
                Host 245.3.4.6
                Port 389
                Administrator "cn=umcadmin, o=umc"
                Password      "umc"
                SearchBase    "retailerName=SP, o=users, o=umc"
                Authenticate  search
        }
}
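The realm syntax above is easy to get subtly wrong by hand, and the printed example on this page itself stops short of its closing braces. The following parser and checker is an added example, not part of the RAD-Series server or the SRC software; it assumes only the brace-delimited layout shown on this page (a realm header line, Filter-Type, and nested Directory blocks) and reads a constructed sample modelled on the virneo.com entry. It rejects unbalanced braces, reports a Directory block that lacks a required setting, and flags the two points a reviewer would raise about these entries: the Administrator password sits in cleartext in the file, and port 389 is the cleartext LDAP port.

```python
"""Parse and sanity-check ProLDAP realm entries from a RAD-Series authfile.

Added example, not part of the RAD-Series server or the SRC software. It assumes
only the brace-delimited syntax shown on this page.
"""
import re

# Constructed sample modelled on the page's virneo.com entry. The backup directory
# deliberately omits SearchBase so the checker has something to report; it also
# omits the optional Password, which is legal.
SAMPLE_AUTHFILE = """\
# realm entry for two LDAP servers with PROLDAP, realm virneo.com
virneo.com  PROLDAP Virneo-Setting
{
    Filter-Type BIN
    Directory virneo
    {
        Host 245.3.4.5
        Port 389
        Administrator "cn=umcadmin, o=umc"
        Password      "umc"
        SearchBase    "retailerName=SP, o=users, o=umc"
        Authenticate  search
    }
    Directory virneo-backup
    {
        Host 245.3.4.6
        Port 389
        Administrator "cn=umcadmin, o=umc"
        Authenticate  search
    }
}
"""

_KV = re.compile(r'^(\S+)\s+(?:"([^"]*)"|(\S+))\s*$')  # Key value | Key "value"

def _split_kv(line, lineno):
    m = _KV.match(line)
    if not m:
        raise ValueError(f"line {lineno}: cannot parse {line!r}")
    return m.group(1), (m.group(2) if m.group(2) is not None else m.group(3))

def parse_authfile(text):
    """Return a list of realm dicts; raise ValueError on malformed input."""
    realms, depth, realm, directory = [], 0, None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        if line == "{":  # a block needs a header line before it; depth 2 is the limit
            if depth == 2 or (depth == 0 and realm is None) or (depth == 1 and directory is None):
                raise ValueError(f"line {lineno}: '{{' without a header line")
            depth += 1
        elif line == "}":
            depth -= 1
            if depth < 0:
                raise ValueError(f"line {lineno}: unexpected '}}'")
            realm, directory = (None if depth == 0 else realm), None
        elif depth == 0:  # realm header: <realm> PROLDAP <description>
            parts = line.split(None, 2)
            if len(parts) != 3 or parts[1].upper() != "PROLDAP":
                raise ValueError(f"line {lineno}: expected '<realm> PROLDAP <description>'")
            realm = {"realm": parts[0], "description": parts[2], "settings": {}, "directories": []}
            realms.append(realm)
        elif depth == 1:  # realm-level setting or the header of a Directory block
            key, value = _split_kv(line, lineno)
            if key == "Directory":
                directory = {"name": value, "settings": {}}
                realm["directories"].append(directory)
            else:
                realm["settings"][key] = value
        else:  # depth == 2: a setting inside a Directory block
            key, value = _split_kv(line, lineno)
            directory["settings"][key] = value
    if depth != 0:
        raise ValueError(f"{depth} block(s) never closed: missing '}}'")
    return realms

def check_realm(realm):
    """Return findings for one realm; an empty list means it passed."""
    out, name = [], realm["realm"]
    if realm["settings"].get("Filter-Type", "").lower() not in ("bin", "cis"):
        out.append(f"{name}: Filter-Type must be bin or cis")
    for d in realm["directories"]:
        s, where = d["settings"], f"{name}/{d['name']}"
        out += [f"{where}: missing {k}" for k in
                ("Host", "Port", "Administrator", "SearchBase", "Authenticate") if k not in s]
        if s.get("Authenticate", "search").lower() not in ("auto", "bind", "search"):
            out.append(f"{where}: Authenticate must be Auto, Bind or Search")
        if s.get("Port") == "389":
            out.append(f"{where}: port 389 is cleartext LDAP; the Administrator bind "
                       "password crosses the network unencrypted unless StartTLS is used")
        if "Password" in s:
            out.append(f"{where}: Administrator password is in cleartext in authfile; "
                       "restrict the file's permissions")
    return out
```

Run it against /opt/aaa/etc/authfile by passing the file's contents to parse_authfile and calling check_realm on each returned realm; on the constructed sample it reports four findings (two for port 389, one for the cleartext password, one for the missing SearchBase), and feeding it the sample with the final brace removed raises ValueError instead of silently accepting a truncated entry.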

Configuring Realm Administration

The RAD-Series Server Manager allows you to perform realm administration.

To configure realm administration:

  1. From the RAD-Series Server Manager navigation pane, click Edit Configuration, then Local Realms.
  2. Click the New Local Realm link.

     The Local Realms: Modify Local Realm pane appears.

  3. Specify the realm attributes.
  4. Click Modify.

Configuring LDAP Settings

To configure the LDAP settings:

  1. Select New LDAP Directory.

     The LDAP Directory window appears.

  2. Specify the attributes.
  3. Click Save.

Configuring RADIUS Profiles with the LDAP Directory

RADIUS servers search for objects of the type umcRadiusPerson to authenticate incoming PPP sessions. If RADIUS and JUNOSe-specific attributes must be returned to the JUNOSe router during the authentication process, the RAD-Series RADIUS Server expects them in dedicated AAA attributes of the entry (aaaReply in the example below).

These are multivalued attributes; each value carries one RADIUS attribute-value pair, written as Attribute=Value, to be processed by the RAD-Series RADIUS Server.

The following example depicts a umcRadiusPerson object, which returns the RADIUS attribute values for Session-Timeout, Idle-Timeout, and Class, and the JUNOSe-specific attribute for the virtual router to be used on the JUNOSe router. This entry is shown in LDIF notation:

dn: serviceName=bras,uniqueID=jane,ou=local,retailerName=isp1,o=Users,o=umc
objectClass: umcRadiusPerson
objectClass: umcServiceProfile
objectClass: top
uid: jane
userPassword: secret
serviceName: bras
usedService: serviceName=bras,o=Services,o=umc
aaaReply: Virtual-Router-Name=Default
aaaReply: Class=1,uid,bras
aaaReply: Idle-Timeout=2700
aaaReply: Session-Timeout=10800
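The following script is an added example, not code from the SRC software or the RAD-Series server. It reads the entry above (embedded as a constructed sample, with the dn folded onto an LDIF continuation line), unfolds it, and turns the aaaReply values into the attribute-value pairs the RADIUS server would place in its reply. Two details matter in practice: each aaaReply value must be split on the first "=" only, because a value such as Class=1,uid,bras contains commas and may contain further "=" characters that belong to the value; and userPassword is stored here as a cleartext value, which the script detects by the absence of an LDAP {scheme} prefix. The split into standard and JUNOSe-specific names is an assumption made for this example, based only on what the page says about Virtual-Router-Name.

```python
"""Read a umcRadiusPerson LDIF entry and build the RADIUS reply it implies.

Added example, not code from the SRC software or the RAD-Series server. It assumes
the LDIF layout shown on this page (aaaReply values written Attribute=Value) and a
constructed classification of attribute names; the RAD-Series dictionary may differ.
"""

# Constructed sample: the page's entry, with the dn wrapped onto a continuation
# line the way LDIF does it (a leading space continues the previous line).
SAMPLE_LDIF = """\
dn: serviceName=bras,uniqueID=jane,ou=local,retailerName=isp1,o=Users,
 o=umc
objectClass: umcRadiusPerson
objectClass: umcServiceProfile
objectClass: top
uid: jane
userPassword: secret
serviceName: bras
usedService: serviceName=bras,o=Services,o=umc
aaaReply: Virtual-Router-Name=Default
aaaReply: Class=1,uid,bras
aaaReply: Idle-Timeout=2700
aaaReply: Session-Timeout=10800
"""

# Assumed classification for this example: the page only says Virtual-Router-Name
# is JUNOSe-specific; Idle-Timeout and Session-Timeout are RFC 2865 integers.
JUNOSE_SPECIFIC = {"Virtual-Router-Name"}
INTEGER_ATTRS = {"Idle-Timeout", "Session-Timeout"}


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}, unfolding continuation lines.
    Base64 values ('attr:: ...') are not needed for this entry and are rejected."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" "):          # continuation of the previous line
            unfolded[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            unfolded.append(raw)
    entry = {}
    for line in unfolded:
        attr, sep, value = line.partition(":")
        if not sep or value.startswith(":"):
            raise ValueError(f"unsupported LDIF line: {line!r}")
        entry.setdefault(attr.strip(), []).append(value.strip())
    return entry


def radius_reply(entry):
    """Turn aaaReply values into (name, value) pairs for the Access-Accept.

    Each value is split on the FIRST '=' only: Class=1,uid,bras carries commas and
    could carry further '=' characters, and all of that is the attribute's value.
    """
    if "umcRadiusPerson" not in entry.get("objectClass", []):
        raise ValueError("entry is not a umcRadiusPerson")
    standard, junose = [], []
    for item in entry.get("aaaReply", []):
        name, sep, value = item.partition("=")
        if not sep or not name:
            raise ValueError(f"malformed aaaReply value: {item!r}")
        if name in INTEGER_ATTRS:
            value = int(value)   # a non-numeric timeout fails loudly here
        (junose if name in JUNOSE_SPECIFIC else standard).append((name, value))
    return {"standard": standard, "junose": junose}


def password_stored_in_clear(entry):
    """True when userPassword has no {scheme} prefix, i.e. is stored in cleartext
    (as the page's entry does). A hashed value ({SSHA} and friends) can only be
    verified by binding to the directory as the user, not by reading the attribute."""
    return any(not v.startswith("{") for v in entry.get("userPassword", []))


if __name__ == "__main__":
    e = parse_ldif_entry(SAMPLE_LDIF)
    print(e["dn"][0])
    for kind, pairs in radius_reply(e).items():
        for name, value in pairs:
            print(f"{kind:8} {name} = {value}")
    print("cleartext userPassword:", password_stored_in_clear(e))
```

The same unfolding and first-"=" split apply to any entry exported from the directory with ldapsearch, so the script doubles as a quick audit of which subscriber entries still carry a cleartext userPassword and which reply attributes each profile hands back.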
