radius:authservice : The RADIUS authentication service object.

RADIUS provides authentication, accounting, and authorization functions.

The NIOS appliance supports authentication using the following RADIUS servers: FreeRADIUS, Microsoft, Cisco, and Funk.

When NIOS authenticates administrators against RADIUS servers, NIOS acts similarly to a network access server (NAS), which is a RADIUS client that sends authentication and accounting requests to a RADIUS server.

To configure NIOS to use one or more RADIUS server groups to authenticate administrators, do the following: 1. Configure at least one RADIUS authentication server group (authentication service) 2. Define admin groups for the admins that are authenticated by the RADIUS servers and specify their privileges and settings 3. Add the RADIUS server groups and the admin groups that match those on RADIUS server to authentication policy.

Object Reference

References to radius:authservice are object references.

The name part of a RADIUS authentication service has the following components:

  • The name of the RADIUS authentication service.

Example:radius:authservice/ZG5zLm5ldHdvcmtfdmlldyQxMTk:RADIUSAuth

Restrictions

The object does not support the following operations:

  • Scheduling
  • CSV export

The object cannot be managed on Cloud Platform members.

Fields

These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.

The basic version of the object contains the field(s): comment, disable, name.

The following fields are required to create this object:

Field Notes
name  
servers  

acct_retries

acct_retries

The number of times to attempt to contact an accounting RADIUS server.

Type

Unsigned integer.

Create

The default value is 1000.

Search

The field is not available for search.

acct_timeout

acct_timeout

The number of seconds to wait for a response from the RADIUS server.

Type

Unsigned integer.

Create

The default value is 5000.

Search

The field is not available for search.

auth_retries

auth_retries

The number of times to attempt to contact an authentication RADIUS server.

Type

Unsigned integer.

Create

The default value is 6.

Search

The field is not available for search.

auth_timeout

auth_timeout

The number of seconds to wait for a response from the RADIUS server.

Type

Unsigned integer.

Create

The default value is 5000.

Search

The field is not available for search.

cache_ttl

cache_ttl

The TTL of cached authentication data in seconds.

Type

Unsigned integer.

Create

The default value is 3600.

Search

The field is not available for search.

comment

comment

The RADIUS descriptive comment.

Type

String.

Create

The default value is empty.

Search

The field is available for search via

  • ‘:=’ (case insensitive search)
  • ‘=’ (exact equality)
  • ‘~=’ (regular expression)

Notes

The comment is part of the base object.

disable

disable

Determines whether the RADIUS authentication service is disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

Notes

The disable is part of the base object.

enable_cache

enable_cache

Determines whether the authentication cache is enabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

mode

mode

The way to contact the RADIUS server.

Type

String.

Valid values are:
  • HUNT_GROUP
  • ROUND_ROBIN

Create

The default value is HUNT_GROUP.

Search

The field is available for search via

  • ‘=’ (exact equality)

name

name

The RADIUS authentication service name.

Type

String.

Create

The field is required on creation.

Search

The field is available for search via

  • ‘:=’ (case insensitive search)
  • ‘=’ (exact equality)
  • ‘~=’ (regular expression)

Notes

The name is part of the base object.

recovery_interval

recovery_interval

The time period to wait before retrying a server that has been marked as down.

Type

Unsigned integer.

Create

The default value is 30.

Search

The field is not available for search.

servers

servers

The ordered list of RADIUS authentication servers.

Type

A/An The RADIUS authentication server structure struct array.

Create

The field is required on creation.

Search

The field is not available for search.

Function Calls

check_radius_server_settings

Test connectivity to the server, authentication and accounting settings.

This function does not support multiple object matches when called as part of an atomic insertion operation.

Input fields

acct_timeout ( Unsigned integer. ) The accounting timeout in milliseconds. The default value is “5000”.

auth_timeout ( Unsigned integer. ) The authentication timeout in milliseconds. The default value is “5000”.

radius_authservice ( String. ) The name of the parent RADIUS authentication service.

radius_server ( A/An The RADIUS authentication server structure struct. ). This parameter is mandatory. The RADIUS server which will be tested. The ‘disable’ flag is ignored.

Output fields

error_message ( String. ) The detailed description of failure.

overall_status ( String. Valid values are: “SUCCESS”, “FAILED” ) The overall status of the test.

Fields List

Field Type Req R/O Base Search
acct_retries Unsigned int N N N N/A
acct_timeout Unsigned int N N N N/A
auth_retries Unsigned int N N N N/A
auth_timeout Unsigned int N N N N/A
cache_ttl Unsigned int N N N N/A
comment String N N Y : = ~
disable Bool N N Y N/A
enable_cache Bool N N N N/A
mode String N N N =
name String Y N Y : = ~
recovery_interval Unsigned int N N N N/A
servers [struct] Y N N N/A