Manualshelf

Deployment Guide

ManualsBrandsDell ManualsAccess PlatformsW-Clearpass 100 Software
101102103104105106107108109110
102 | RADIUS Services Amigopod 3.7 | Deployment Guide
Use PHP code to assign a user role (Advanced) may be selected to return a role ID for users
authenticated via EAP-TLS on a client’s local certificate server. The PHP authorization code is entered
on the Edit Authentication Server form.
The RADIUS Authentication diagnostic can be used to demonstrate the difference between the various
authorization methods.
To use the diagnostic, navigate to RADIUS Services> Server Control and click the Test RADIUS
Authentication command link. Enter the username and password for a user that is externally
authenticated.
Click the Run button to perform RADIUS authentication and display the results:
With authorization method No authorization – Authenticate only:
Sending Access-Request of id 165 to 127.0.0.1 port 1812
User-Name = "demouser"
User-Password = "XXXXXXXX"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=165, length=20
Note that in this case, no RADIUS attributes are returned. The Access-Accept or Access-Reject result
indicates whether the user was successfully authenticated.
With authorization method Assign a fixed user role:
Sending Access-Request of id 122 to 127.0.0.1 port 1812
User-Name = "demouser"
User-Password = "XXXXXXXX"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=122, length=27
Reply-Message = "Guest"
Note that in this case, the RADIUS attribute returned (Reply-Message) corresponds to the user role
selected.
With authorization method Use PHP code to assign a user role (Advanced) – more complex
authorization rules can be implemented to specify which role to assign to an authenticated user.
Authorization can use any of the available properties of the user account, as well as taking into account
other factors such as the time of day, previous usage, and more.