Jump to: navigation, search

RADIUS External Authentication

This section describes how to set up Remote Authentication Dial In User Service (RADIUS) external authentication.

Overview

Genesys Configuration Server supports all versions of RADIUS, an industry standard for authentication. The architectural schema is identical to the one shown here, where a RADIUS server acts as a third-party authentication server.

Configuration Server external authentication supports multiple RADIUS servers. The active, or responding, authentication server is used for authorization of all subsequent clients. When this server does not respond, the next server in the list (of servers, as specified in the servers file) is tried, and if it responds, it becomes the active authentication server. This process continues sequentially through the list of authentication servers.

Starting in release 8.0, RADIUS messages concerning the success and failure of each RADIUS authentication attempt are relayed from the RADIUS server back through Configuration Server for display to the end user.

In geographically distributed systems prior to release 8.0, RADIUS external authentication was configured only on the Master Configuration Server, and each Configuration Server Proxy passed authentication requests to it. Starting in release 8.0, RADIUS External Authentication can be configured on the Master Configuration Server and on each Configuration Server Proxy. Therefore, each Configuration Server Proxy can process authentication requests itself, and not pass them on to the Master Configuration Server.

Deploying RADIUS External Authentication

To deploy RADIUS, do the following:

1. Install Configuration Server and deploy RADIUS during installation. [+] Show steps

During the installation of Configuration Server, a configuration options section named authentication is added to the configuration file, and is copied into the database when Configuration Server starts (see Configuring the Master Configuration Server). This section indicates if external authentication is to be used, and if so, what type.

The following is an example of the authentication section in the configuration file of a Configuration Server that will use only RADIUS external authentication:

[authentication]
library=gauth_radius
2. Modify the RADIUS configuration files.

The following table lists the pluggable modules used for communication with the third-party authentication server.

Operating System Module for 32-bit Version Module for 64-bit Version
Pluggable Module Names for RADIUS
Windows gauth_radius.dll
Solaris libgauth_radius_32.so libgauth_radius_64.so
AIX libgauth_radius_32.so libgauth_radius_64.so
Red Hat Linux libgauth_radius_32.so libgauth_radius_64.so

In addition to the pluggable module file, three RADIUS configuration files are copied to the destination directory when you install Configuration Server:

  • servers—specifies connection parameters of the RADIUS servers.
  • radiusclient.conf—specifies the RADIUS client parameters.
  • dictionary—contains communication protocol data.
    Important
    When creating user reply messages, note that the length of the Reply Message attribute or State attribute strings is 128 characters or less.

You must modify the servers and radiusclient.conf files. Do not modify the dictionary file.

[+] Show steps
3. (Optional) Install as many Configuration Servers, including Configuration Server Proxies as required, deploying RADIUS during the installation. Repeat the previous steps to deploy RADIUS on regular Configuration Servers, and use the following steps to deploy it on Configuration Server Proxies: [+] Show steps

Configuration Options

This section describes the configuration options used when deploying and using RADIUS External Authentication.

authentication Section

This section must be called authentication.

library

Default Value: No default value
Valid Values: Depends on type configuration option, as follows:

gauth_radius All
gauth_ldap All
gauth_radius, gauth_ldap Configuration Server, Configuration Server Proxy
gauth_ldap, gauth_radius Configuration Server, Configuration Server Proxy
internal Tenant, Person

Changes Take Effect: Upon restart of the object for which this option is set

Specifies the section that specifies the external authentication parameters. This option is mandatory, and its value is set automatically during installation. You can deploy both RADIUS and LDAP on the same Configuration Server or Configuration Server Proxy. If this Configuration Server or Configuration Server Proxy was previously configured for another type of authentication, add, gauth_radius to the value of this option.

When set to internal, all users associated with the object in which the object is set to this value are validated internally.

This page was last edited on December 13, 2017, at 19:26.
blog comments powered by Disqus