This page contains high-level technical tips for authenticating a RADIUS user from the Sonus SBC 1000/2000 against a FreeRADIUS server.

FreeRADIUS Sample Configuration

In this section, we provide sample FreeRADIUS configuration bits relevant to RADIUS user authentication on Sonus SBC 1000/2000.

Users

We configure a RADIUS user called raduser whose User Class is ReadOnlyClass. This class name must also be configured on the Sonus SBC 1000/2000; see Managing RADIUS User Class Access Level Mapping.

raduser User-Password == "Passw0rd"
        Class == "ReadOnlyClass"

radiusd.conf

This setting makes the server answer Status-Server requests, which are used for the RADIUS server health check:

status_server = yes

clients.conf

This defines the RADIUS client entry for the Sonus SBC 1000/2000. The client address and shared secret must match the RADIUS Server settings configured on the Sonus SBC 1000/2000.

client 172.16.250.246/32 {
       secret          = Passw0rd
       shortname       = Sonus SBC 1000/2000246
}

RADIUS Server Authentication Message Exchange

When a RADIUS user attempts to authenticate on the Sonus SBC 1000/2000 system, the Sonus SBC 1000/2000 behaves as a RADIUS authentication client and sends an Access-Request to the RADIUS server:

rad_recv: Access-Request packet from host 172.16.250.246:38525, id=170, length=65
        Service-Type = Login-User
        User-Name = "raduser"
        User-Password = "Passw0rd"
        NAS-Port = 0
        NAS-IP-Address = 172.16.250.246
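
The following Python example is added here and is not Sonus or FreeRADIUS code. It builds an Access-Request with the same five attributes as the trace above and shows how User-Password is hidden on the wire using the shared secret from clients.conf (RFC 2865, section 5.2); the server log shows the cleartext only because the server holds the same secret. The function names and the fixed Request Authenticator are assumptions made for the example.

```python
import hashlib
import os
import socket
import struct

# RADIUS packet code and attribute types from RFC 2865.
ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT, SERVICE_TYPE = 1, 2, 4, 5, 6
LOGIN_USER = 1  # Service-Type "Login", printed by FreeRADIUS as Login-User


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: pad to 16-byte blocks and XOR with an MD5-derived keystream."""
    pad_len = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(pad_len, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev  # each ciphertext block seeds the next keystream block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: rebuild the keystream from the shared secret and undo the XOR."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")


def attr(attr_type: int, value: bytes) -> bytes:
    # Attribute layout: type (1 byte), length including this header (1 byte), value.
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, user, password, secret, nas_ip, authenticator=None):
    # A real client uses a fresh random Request Authenticator for every request.
    authenticator = authenticator or os.urandom(16)
    body = (attr(SERVICE_TYPE, struct.pack("!I", LOGIN_USER))
            + attr(USER_NAME, user)
            + attr(USER_PASSWORD, hide_password(password, secret, authenticator))
            + attr(NAS_PORT, struct.pack("!I", 0))
            + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    return header + authenticator + body
```

With the sample values from this page the packet is 65 bytes long, matching length=65 in the trace. A server configured with a different secret recovers a garbled password and rejects the request.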

If the request is authenticated

The RADIUS server responds with Access-Accept and returns the Class attribute, which FreeRADIUS prints as hex-encoded octets:

Sending Access-Accept of id 170 to 172.16.250.246 port 38525
        Class == 0x41646d696e6973747261746f72436c617373

After Sonus SBC 1000/2000 receives the Access-Accept, Sonus SBC 1000/2000 uses the Class attribute returned by RADIUS to map the appropriate access level.

If the request is not authenticated

The RADIUS server responds with Access-Reject:

Sending Access-Reject of id 215 to 172.16.250.246 port 5412