This page contains some high-level technical tips for authenticating a RADIUS user between the SBC Edge (SBC) and a FreeRADIUS server.
In this section, we provide sample FreeRADIUS configuration bits relevant to RADIUS user authentication on SBC.
Users
We configure a RADIUS user called raduser whose User Class is ReadOnlyClass. This class name needs to be configured on the SBC; see Managing RADIUS User Class Access Level Mapping.
raduser User-Password == "Passw0rd"
        Class == "ReadOnlyClass"
radiusd.conf
This is used for the RADIUS server healthcheck:
status_server = yes
clients.conf
This defines the RADIUS client entry for the SBC, matching the RADIUS Server settings configured on the SBC:
client 172.16.250.246/32 {
    secret = Passw0rd
    shortname = SBC246
}
When a RADIUS user attempts to authenticate on the SBC system, the SBC behaves as a RADIUS authentication client and sends an Access-Request to the RADIUS server:
rad_recv: Access-Request packet from host 172.16.250.246:38525, id=170, length=65
    Service-Type = Login-User
    User-Name = "raduser"
    User-Password = "Passw0rd"
    NAS-Port = 0
    NAS-IP-Address = 172.16.250.246
The RADIUS server responds with Access-Accept and returns the Class attribute:
Sending Access-Accept of id 170 to 172.16.250.246 port 38525
    Class == 0x41646d696e6973747261746f72436c617373
After SBC receives the Access-Accept, SBC uses the Class attribute returned by RADIUS to map the appropriate access level.
When authentication fails, the RADIUS server responds with Access-Reject:
Sending Access-Reject of id 215 to 172.16.250.246 port 5412
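The Access-Request / Access-Accept exchange above can be rebuilt byte for byte from RFC 2865. The Python below is an added example, not code from the SBC or from FreeRADIUS; its function names are its own, and it reuses this page's sample values. It shows that User-Password travels hidden under an MD5 keystream derived from the shared secret in clients.conf, that the reply is authenticated with that same secret, and that the hex Class value in the log is simply the ASCII bytes of the class name.

```python
import hashlib, hmac, os, socket, struct
USER_NAME, USER_PASSWORD, NAS_IP, NAS_PORT, SERVICE_TYPE, CLASS = 1, 2, 4, 5, 6, 25

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(1, -(-len(password) // 16)) * 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(code: int, value: bytes) -> bytes:
    return bytes([code, len(value) + 2]) + value

def access_request(ident, user, password, secret, nas_ip, authenticator):
    """Access-Request (code 1) carrying the same attributes as the log above."""
    attrs = (attr(SERVICE_TYPE, struct.pack("!I", 1))  # 1 = Login-User
             + attr(USER_NAME, user.encode())
             + attr(USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
             + attr(NAS_PORT, struct.pack("!I", 0))
             + attr(NAS_IP, socket.inet_aton(nas_ip)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def access_accept(request, class_name, secret):
    """Access-Accept (code 2); authenticator = MD5(header + RequestAuth + attrs + secret)."""
    attrs = attr(CLASS, class_name.encode())
    header = struct.pack("!BBH", 2, request[1], 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs

def verify_and_get_class(reply, request, secret):
    """Client side: check the Response Authenticator, then return Class (None if absent)."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("Response Authenticator mismatch: wrong secret or altered reply")
    pos = 20
    while pos + 2 <= len(reply):
        code, length = reply[pos], reply[pos + 1]
        if length < 2:
            raise ValueError("malformed attribute")
        if code == CLASS:
            return reply[pos + 2:pos + length].decode()
        pos += length

if __name__ == "__main__":
    s = b"Passw0rd"  # sample shared secret from clients.conf above
    req = access_request(170, "raduser", "Passw0rd", s, "172.16.250.246", os.urandom(16))
    print(len(req), verify_and_get_class(access_accept(req, "AdministratorClass", s), req, s))
```

The rebuilt request is 65 bytes, matching length=65 in the log. Because both the password hiding and the reply check depend only on the shared secret, that secret should be long, random, and different from any user password.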