Integrating RADIUS Server & Leveraging RADIUS Authentication
You can integrate PAM360 and RADIUS server in your environment and also leverage the RADIUS authentication for user access bypassing the local authentication provided by PAM360. This section explains the configurations involved in integrating RADIUS server with PAM360.
Step 1 - Providing Basic Details about RADIUS Server
To configure RADIUS server in PAM360, provide the following basic details about RADIUS server and credentials to establish connection:
- Go to "Admin" >> "Users" >> "RADIUS"
- In the UI that opens, click the button "Configure" on step 1
- In the UI that opens, provide the following details
- Server Name/IP Address - enter the host name or IP address of the host where RADIUS server is running
- Server Authentication Port - enter the port used for RADIUS server authentication. By default, RADIUS has been assigned the UDP port 1812 for RADIUS Authentication
- Server Protocol - select the protocol that is used to authenticate users. Choose from four protocols - Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Microsoft Challenge-Handshake Authentication Protocol (MSCHAP), Version 2 of Microsoft Challenge-Handshake Authentication Protocol (MSCHAP2)
- Authentication Retries - select the number of times you wish to retry authentication in the event of an authentication failure
- Server Secret - You have the option to enter the RADIUS server secret either manually in the text box or you can direct PAM360 to use the secret already stored in the product. In that case, you need to select the resource name and account name from the drop-down. The second option - storing the RADIUS password in PAM360 and selecting it from drop-down is the recommended approach.
- Click "Save"
Step 2 - Enable RADIUS Authentication
After configuring the RADIUS server, the next step is to leverage the RADIUS server's authentication mechanism. To enable RADIUS authentication, click the button "Enable" in step 2. Once you do this, users would be able to login with their RADIUS credentials.
Important Note: The users who will be accessing PAM360 using their RADIUS server credentials, will have to be added as users in PAM360 first. When you do so, you need to ensure that the "user name" in PAM360 is exactly the same as the username used for accessing the RADIUS server. Here, PAM360 does not store the password used for RADIUS authentication.