To authenticate users, who are using the Radius server via the PCS device, perform the following procedure:
- Go to Authentication > Auth servers and from the the drop-down box select Radius server.
- Type the name of the server. For example, RAS-Radius.
- NAS-Identifier: <optional>.
- Radius server: Type the IP address of the Radius server. For example, 10.141.232.51.
- Authentication port: 1812.
- Shared Secret: It should be the same as the Radius server.
- NAS-IP-Address: <optional>
- Back up the server (if required).
- Radius Accounting (if required).
- Scroll down and click Save Changes.
When the PCS device is configured, add the PCS device as a client in the SBR Radius server:
- Go to Radius Clients and click the Add button:
The Add Radius Client window is displayed. Provide the following information:
- Name: SA device (sample name)
- IP Address: PCS IP address.
- Shared Secret: The same secret which was configured on the PCS device.
- Now you can add the users, either in Native or Domain. If users are native, then add them via the Native option or if the users need to be mapped via domains, then use domain.
Now you can map the configured Radius Auth server to the required realms and authenticate users.
You can also configure Two Factor Authentication
in the device with Active Directory as the primary authentication and Radius as the secondary authentication.
- Configure the Radius Server (for example, RAS-Radius) as the secondary authentication server and the Active Directory server (for example, NSR-AD-98) as the primary authentication server in the device:
- Implementing the Primary and Secondary authentication at the Realm level:
For additional authentication with the Radius server:
- Authentication #2: Select the Secondary Authentication (as the Radius Authentication server instance; for example, RAS-Radius).
- Specify by user on sign-in page: it will take the user name that is specified during the first authentication.
- Specify by user on sign-in page: it will take the user password that is specified during the first authentication.
- The End session if authentication against this server fails check box should be selected; it will end the session, if the authentication fails during the secondary authentication.