| Line 12: | Line 12: | ||
| Local User || It will delete local users that are inactive for more than the specified day. | | Local User || It will delete local users that are inactive for more than the specified day. | ||
|- | |- | ||
| − | | NAS-ID || It automatically saves | + | | NAS-ID || It automatically saves [[NAS Identifier | NAS-IDs ]] from the ACCESS-REQUEST and deletes the inactive NAS IDs for more than the specified day. |
|- | |- | ||
|} | |} | ||
| + | ==== Password Settings for Local User ==== | ||
| + | You can set the password complexity rules for the local username. | ||
| − | ==== EAP ==== | + | ==== EAP(Extensible Authentication Protocol) ==== |
| − | + | The imRAD supports two EAP methods. You can select either the TTLS(AP Tunneled Transport Layer Security) or PEAP(Protected Extensible Authentication Protocol).<ref>https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol</ref> | |
| − | + | The recommended phase 2 authentication is the EAP-GTC(Generic Token Card). If a username is authenticated from a customer database by the Pass-Through Authentication, you should not use the MSCHAPv2 as phase 2 authentication. | |
| − | + | * Timer: A list is maintained to correlate EAP-Response packets with EAP-Request packets. After a configurable length of time, entries in the list expire, and are deleted. | |
| + | * Advanced | ||
| + | ** TLS Cipher Suite: Set this option to specify the allowed TLS cipher suites. The format is listed in https://www.openssl.org/docs/man1.0.2/man1/ciphers.html | ||
| + | ** TLS version: Set min / max TLS version. Some operating system still use TLS 1.0 | ||
| + | ==== RADIUS Database Configuration ==== | ||
| + | This setting writes the database connection information to has the radius service connect the local database. | ||
| + | You can check the connection status by click the "Connection Test" button. | ||
| − | ==== RADIUS | + | ==== RADIUS configuration ==== |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
기본 설정 사용을 권장하며 radiusd 포트를 변경하려면 고급을 클릭하여 설정 할 수 있습니다. | 기본 설정 사용을 권장하며 radiusd 포트를 변경하려면 고급을 클릭하여 설정 할 수 있습니다. | ||
Revision as of 14:21, 1 April 2021
RADIUS > Settings > General
Data Maintenance
| Items | Description |
|---|---|
| PTA Cached User | If you set this, the imRAD saves a username and its password into the imRAD local database. The password is encrypted with a hash function and can't be decrypted to a plaintext.
After that, the imRAD can authenticate a user not from a customer database but from the imRAD local database. This can reduce traffics to a customer database. The imRAD will delete after a specified number of days after being saved. |
| Local User | It will delete local users that are inactive for more than the specified day. |
| NAS-ID | It automatically saves NAS-IDs from the ACCESS-REQUEST and deletes the inactive NAS IDs for more than the specified day. |
Password Settings for Local User
You can set the password complexity rules for the local username.
EAP(Extensible Authentication Protocol)
The imRAD supports two EAP methods. You can select either the TTLS(AP Tunneled Transport Layer Security) or PEAP(Protected Extensible Authentication Protocol).[1] The recommended phase 2 authentication is the EAP-GTC(Generic Token Card). If a username is authenticated from a customer database by the Pass-Through Authentication, you should not use the MSCHAPv2 as phase 2 authentication.
- Timer: A list is maintained to correlate EAP-Response packets with EAP-Request packets. After a configurable length of time, entries in the list expire, and are deleted.
- Advanced
- TLS Cipher Suite: Set this option to specify the allowed TLS cipher suites. The format is listed in https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
- TLS version: Set min / max TLS version. Some operating system still use TLS 1.0
RADIUS Database Configuration
This setting writes the database connection information to has the radius service connect the local database. You can check the connection status by click the "Connection Test" button.
RADIUS configuration
기본 설정 사용을 권장하며 radiusd 포트를 변경하려면 고급을 클릭하여 설정 할 수 있습니다.