RADIUS External Authentication
This section describes how to set up Remote Authentication Dial In User Service (RADIUS) external authentication.
Genesys Configuration Server supports all versions of RADIUS, an industry standard for authentication. The architectural schema is identical to the one shown here, where a RADIUS server acts as a third-party authentication server.
Configuration Server external authentication supports multiple RADIUS servers. The active, or responding, authentication server is used for authorization of all subsequent clients. When this server does not respond, the next server in the list (of servers, as specified in the servers file) is tried, and if it responds, it becomes the active authentication server. This process continues sequentially through the list of authentication servers.
Starting in release 8.0, RADIUS messages concerning the success and failure of each RADIUS authentication attempt are relayed from the RADIUS server back through Configuration Server for display to the end user.
In geographically distributed systems prior to release 8.0, RADIUS external authentication was configured only on the Master Configuration Server, and each Configuration Server Proxy passed authentication requests to it. Starting in release 8.0, RADIUS External Authentication can be configured on the Master Configuration Server and on each Configuration Server Proxy. Therefore, each Configuration Server Proxy can process authentication requests itself, and not pass them on to the Master Configuration Server.
Deploying RADIUS External Authentication
To deploy RADIUS, do the following:
|1. Install Configuration Server and deploy RADIUS during installation. [+] Show steps
During the installation of Configuration Server, a configuration options section named authentication is added to the configuration file, and is copied into the database when Configuration Server starts (see Configuring the Master Configuration Server). This section indicates if external authentication is to be used, and if so, what type.
The following is an example of the authentication section in the configuration file of a Configuration Server that will use only RADIUS external authentication:
|2. Modify the RADIUS configuration files.|
The following table lists the pluggable modules used for communication with the third-party authentication server.
In addition to the pluggable module file, three RADIUS configuration files are copied to the destination directory when you install Configuration Server:
You must modify the servers and radiusclient.conf files. Do not modify the dictionary file.[+] Show steps
|3. (Optional) Install as many Configuration Servers, including Configuration Server Proxies as required, deploying RADIUS during the installation. Repeat the previous steps to deploy RADIUS on regular Configuration Servers, and use the following steps to deploy it on Configuration Server Proxies: [+] Show steps|
This section describes the configuration options used when deploying and using RADIUS External Authentication.
This section must be called authentication.
Default Value: No default value
Valid Values: Depends on type configuration option, as follows:
|gauth_radius, gauth_ldap||Configuration Server, Configuration Server Proxy|
|gauth_ldap, gauth_radius||Configuration Server, Configuration Server Proxy|
Changes Take Effect: Upon restart of the object for which this option is set
Specifies the section that specifies the external authentication parameters. This option is mandatory, and its value is set automatically during installation. You can deploy both RADIUS and LDAP on the same Configuration Server or Configuration Server Proxy. If this Configuration Server or Configuration Server Proxy was previously configured for another type of authentication, add, gauth_radius to the value of this option.
When set to internal, all users associated with the object in which the object is set to this value are validated internally.