Procedure:

On the SMS toolbar, navigate to Admin > Authentication and Authorization.

Select the Authentication option.

In the Authentication Configuration area, select the RADIUS tab.

To configure the primary RADIUS server click Edit in the Primary RADIUS Server area. To configure a backup RADIUS server click Edit in the Backup RADIUS Server area.

The Edit RADIUS Server dialog box opens, enter the required information:

Setting

Description

IP Address

The IP address of the RADIUS server.

Port

Port on the RADIUS server that listens for authentication requests; the default value is 1812.

Authentication Protocol

Authentication method used on the RADIUS server:

PAP
MD5
PEAP/EAP-MSCHAPv2

To use the PEAP/EAP-MSCHAPv2 protocol, you must first import an X509 certificate for the RADIUS server. You can click Import to import a certificate or choose a previously imported one from the SMS certificate repository.

IMPORTANT: certificate import or reset is a separate operation from configuring the authentication source and takes effect immediately. The SMS administration should carefully coordinate the certificate and the changes to the RADIUS configuration.

Secret/Confirm Secret

The string used to encrypt and sign packets between RADIUS clients and the RADIUS server is set in the RADIUS client configuration file.

Timeout

Timeout, in seconds, for communication with the RADIUS server; the default value is 3 seconds.

You can test the RADIUS configuration by entering a valid server username and Password (and confirming) and then clicking Test.

Click OK to save the server configuration.

NOTE: An X509 certificate is required for validating PEAP/EAP-MSCHAPv2 authentication responses. The certificate is generated on the RADIUS server, and must be imported to the SMS. The SMS server accepts DER (binary) or PEM (Base64) encoded X509 certificates.

How do I setup for RADIUS authentication on the SMS?

Product / Version includes:

TippingPoint SMSAll

Last updated: 2024/08/06

Solution ID: KA-0017374

Category: Configure , Troubleshoot , Deploy

Summary

Remote Authentication Dial-In User Service (RADIUS)</b> is an industry-standard method to authenticate user login requests. The SMS server supports the use of RADIUS to authenticate logon requests. While authentication is performed on the RADIUS server, the user role and its access rights are maintained on the SMS server. If the RADIUS server is unavailable, SMS can authenticate the user locally. SMS does not permit you to manage the SMS user account on the RADIUS server. Most notably, you can only modify the user password from the SMS server; you cannot modify it on the RADIUS server.

NOTE: When SMS is configured to operate in HA mode and SMS client authentication occurs through a RADIUS server, the SMS HA configuration must make use of the shared virtual management IP address, and that IP address must be set in the RADIUS server as a location from which to accept authentication requests.

Procedure:

Log in to the SMS from a client.
On the SMS toolbar, navigate to Admin > Authentication and Authorization.
Select the Authentication option.
In the Authentication Configuration area, select the RADIUS tab.
To configure the primary RADIUS server click Edit in the Primary RADIUS Server area. To configure a backup RADIUS server click Edit in the Backup RADIUS Server area.
The Edit RADIUS Server dialog box opens, enter the required information:

Setting	Description
IP Address	The IP address of the RADIUS server.
Port	Port on the RADIUS server that listens for authentication requests; the default value is 1812.
Authentication Protocol	Authentication method used on the RADIUS server: PAP MD5 PEAP/EAP-MSCHAPv2 To use the PEAP/EAP-MSCHAPv2 protocol, you must first import an X509 certificate for the RADIUS server. You can click Import to import a certificate or choose a previously imported one from the SMS certificate repository. IMPORTANT: certificate import or reset is a separate operation from configuring the authentication source and takes effect immediately. The SMS administration should carefully coordinate the certificate and the changes to the RADIUS configuration.
Secret/Confirm Secret	The string used to encrypt and sign packets between RADIUS clients and the RADIUS server is set in the RADIUS client configuration file.
Timeout	Timeout, in seconds, for communication with the RADIUS server; the default value is 3 seconds.

You can test the RADIUS configuration by entering a valid server username and Password (and confirming) and then clicking Test.
Click OK to save the server configuration.

Reference: SMS User Guide

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

How do I setup for RADIUS authentication on the SMS?

Procedure:

How do I setup for RADIUS authentication on the SMS?

Product / Version includes:

Summary

Procedure: