RADIUS provides authentication, accounting, and authorization functions.
The NIOS appliance supports authentication using the following RADIUS servers: FreeRADIUS, Microsoft, Cisco, and Funk.
When NIOS authenticates administrators against RADIUS servers, NIOS acts similarly to a network access server (NAS), which is a RADIUS client that sends authentication and accounting requests to a RADIUS server.
To configure NIOS to use one or more RADIUS server groups to authenticate administrators, do the following:
1. Configure at least one RADIUS authentication server group (authentication service).
2. Define admin groups for the admins that are authenticated by the RADIUS servers, and specify their privileges and settings.
3. Add the RADIUS server groups and the admin groups that match those on the RADIUS server to the authentication policy.
References to radius:authservice are object references.
The name part of a RADIUS authentication service has the following components:
- The name of the RADIUS authentication service.
Example: radius:authservice/ZG5zLm5ldHdvcmtfdmlldyQxMTk:RADIUSAuth
The object does not support the following operations:
The object cannot be managed on Cloud Platform members.
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): comment, disable, name.
The following fields are required to create this object:
Field | Notes |
---|---|
name | |
servers | |
acct_retries
The number of times to attempt to contact an accounting RADIUS server.
Type: Unsigned integer.
Create: The default value is 1000.
Search: The field is not available for search.
acct_timeout
The number of seconds to wait for a response from the RADIUS server.
Type: Unsigned integer.
Create: The default value is 5000.
Search: The field is not available for search.
auth_retries
The number of times to attempt to contact an authentication RADIUS server.
Type: Unsigned integer.
Create: The default value is 6.
Search: The field is not available for search.
auth_timeout
The number of seconds to wait for a response from the RADIUS server.
Type: Unsigned integer.
Create: The default value is 5000.
Search: The field is not available for search.
cache_ttl
The TTL of cached authentication data in seconds.
Type: Unsigned integer.
Create: The default value is 3600.
Search: The field is not available for search.
comment
The RADIUS descriptive comment.
Type: String.
Create: The default value is empty.
Search: The field is available for search via
Notes: The comment is part of the base object.
disable
Determines whether the RADIUS authentication service is disabled.
Type: Bool.
Create: The default value is False.
Search: The field is not available for search.
Notes: The disable is part of the base object.
enable_cache
Determines whether the authentication cache is enabled.
Type: Bool.
Create: The default value is False.
Search: The field is not available for search.
mode
The way to contact the RADIUS server.
Type: String.
Create: The default value is HUNT_GROUP.
Search: The field is available for search via
name
The RADIUS authentication service name.
Type: String.
Create: The field is required on creation.
Search: The field is available for search via
Notes: The name is part of the base object.
recovery_interval
The time period to wait before retrying a server that has been marked as down.
Type: Unsigned integer.
Create: The default value is 30.
Search: The field is not available for search.
servers
The ordered list of RADIUS authentication servers.
Type: An array of RADIUS authentication server structure structs.
Create: The field is required on creation.
Search: The field is not available for search.
Test connectivity to the server, authentication and accounting settings.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
acct_timeout ( Unsigned integer. ) The accounting timeout in milliseconds. The default value is “5000”.
auth_timeout ( Unsigned integer. ) The authentication timeout in milliseconds. The default value is “5000”.
radius_authservice ( String. ) The name of the parent RADIUS authentication service.
radius_server ( A RADIUS authentication server structure struct. ) This parameter is mandatory. The RADIUS server which will be tested. The ‘disable’ flag is ignored.
Output fields
error_message ( String. ) The detailed description of failure.
overall_status ( String. Valid values are: “SUCCESS”, “FAILED” ) The overall status of the test.
Field | Type | Req | R/O | Base | Search |
---|---|---|---|---|---|
acct_retries | Unsigned int | N | N | N | N/A |
acct_timeout | Unsigned int | N | N | N | N/A |
auth_retries | Unsigned int | N | N | N | N/A |
auth_timeout | Unsigned int | N | N | N | N/A |
cache_ttl | Unsigned int | N | N | N | N/A |
comment | String | N | N | Y | : = ~ |
disable | Bool | N | N | Y | N/A |
enable_cache | Bool | N | N | N | N/A |
mode | String | N | N | N | = |
name | String | Y | N | Y | : = ~ |
recovery_interval | Unsigned int | N | N | N | N/A |
servers | [struct] | Y | N | N | N/A |
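
The field table above as a client-side check, added here as an example and not taken from Infoblox code: `validate_create` enforces the Type and Req columns before a create request is sent, and `search_param` enforces the Search column. The `field:=value` and `field~=value` spellings are assumed from WAPI's general search syntax, which this page does not show, and the `address` key in the sample server struct is a constructed placeholder.

```python
from urllib.parse import quote

# field: (type, required on create, Search-column modifiers), from this page's table
FIELDS = {
    "acct_retries": (int, False, ""),
    "acct_timeout": (int, False, ""),
    "auth_retries": (int, False, ""),
    "auth_timeout": (int, False, ""),
    "cache_ttl": (int, False, ""),
    "comment": (str, False, ":=~"),
    "disable": (bool, False, ""),
    "enable_cache": (bool, False, ""),
    "mode": (str, False, "="),
    "name": (str, True, ":=~"),
    "recovery_interval": (int, False, ""),
    "servers": (list, True, ""),
}


def validate_create(body):
    """Return the problems found in a create body; an empty list means it passes."""
    problems = [f"unknown field: {k}" for k in body if k not in FIELDS]
    for field, (ftype, required, _) in FIELDS.items():
        if field not in body:
            if required:
                problems.append(f"missing required field: {field}")
            continue
        value = body[field]
        # bool is a subclass of int in Python, so reject it for unsigned integers.
        if not isinstance(value, ftype) or (ftype is int and isinstance(value, bool)):
            problems.append(f"{field}: expected {ftype.__name__}")
        elif ftype is int and value < 0:
            problems.append(f"{field}: must be unsigned")
    return problems


def search_param(field, value, modifier="="):
    """Build one search argument, allowing only modifiers the table lists."""
    if len(modifier) != 1 or modifier not in FIELDS[field][2]:
        raise ValueError(f"{field} cannot be searched with {modifier!r}")
    # Assumed WAPI spelling: field=value, field:=value, field~=value.
    op = "=" if modifier == "=" else modifier + "="
    return f"{field}{op}{quote(str(value), safe='')}"


if __name__ == "__main__":
    # Constructed sample; the "address" key of the server struct is an assumption.
    body = {"name": "RADIUSAuth", "servers": [{"address": "192.0.2.10"}], "cache_ttl": -1}
    print(validate_create(body), search_param("name", "^RADIUS", "~"))
```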