| Line 33: | Line 33: | ||
==== RADIUS configuration ==== | ==== RADIUS configuration ==== | ||
We recommend having you use the default values. | We recommend having you use the default values. | ||
| + | |||
| + | The thread pool is a long-lived group of threads which take turns (round-robin) handling any incoming requests.<br> | ||
| + | You probably want to have a few spare threads around, so that high-load situations can be handled immediately. If you don't have any spare threads, then the request handling will be delayed while a new thread is created, and added to the pool. | ||
| + | You probably don't want too many spare threads around, otherwise they'll be sitting there taking up resources, and not doing anything productive. | ||
| + | ===== Advanced ===== | ||
| + | The port values of 1812 for authentication and 1813 for accounting are RADIUS standard ports defined by the Internet Engineering Task Force (IETF) in RFCs 2865 and 2866. | ||
| + | |||
| + | The wildcard (i.e. *) in the address field indicates "any". The 0 in the port field indicates "default".<br> | ||
| + | You can only change the port to another. | ||
Revision as of 10:08, 6 April 2021
RADIUS > Settings > General
Data Maintenance
| Items | Description |
|---|---|
| PTA Cached User | If you set this, the imRAD saves a username and its password into the imRAD local database. The password is encrypted with a hash function and can't be decrypted to a plaintext.
After that, the imRAD can authenticate a user not from a customer database but from the imRAD local database. This can reduce traffics to a customer database. The imRAD will delete after a specified number of days after being saved. |
| Local User | It will delete local users that are inactive for more than the specified day. |
| NAS-ID | It automatically saves NAS-IDs from the ACCESS-REQUEST and deletes the inactive NAS IDs for more than the specified day. |
Password Settings for Local User
You can set the password complexity rules for the local username.
EAP(Extensible Authentication Protocol)
The imRAD supports two EAP methods. You can select either the TTLS(AP Tunneled Transport Layer Security) or PEAP(Protected Extensible Authentication Protocol).[1] The recommended phase 2 authentication is the EAP-GTC(Generic Token Card). If a username is authenticated from a customer database by the Pass-Through Authentication, you should not use the MSCHAPv2 as phase 2 authentication.
- Timer: A list is maintained to correlate EAP-Response packets with EAP-Request packets. After a configurable length of time, entries in the list expire, and are deleted.
- Advanced
- TLS Cipher Suite: Set this option to specify the allowed TLS cipher suites. The format is listed in https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
- TLS version: Set min / max TLS version. Some operating system still use TLS 1.0
RADIUS Database Configuration
This setting writes the database connection information to has the radius service connect the local database. You can check the connection status by click the "Connection Test" button.
RADIUS configuration
We recommend having you use the default values.
The thread pool is a long-lived group of threads which take turns (round-robin) handling any incoming requests.
You probably want to have a few spare threads around, so that high-load situations can be handled immediately. If you don't have any spare threads, then the request handling will be delayed while a new thread is created, and added to the pool.
You probably don't want too many spare threads around, otherwise they'll be sitting there taking up resources, and not doing anything productive.
Advanced
The port values of 1812 for authentication and 1813 for accounting are RADIUS standard ports defined by the Internet Engineering Task Force (IETF) in RFCs 2865 and 2866.
The wildcard (i.e. *) in the address field indicates "any". The 0 in the port field indicates "default".
You can only change the port to another.