RADIUS user configuration

When configured to use RADIUS support, the Connect EZ 2 device uses a remote RADIUS server for user authentication (password verification) and authorization (assigning the access level of the user). Additional RADIUS servers can be configured as backup servers for user authentication.

This section outlines how to configure a RADIUS server to be used for user authentication on your Connect EZ 2 device.

Example FreeRADIUS configuration

With FreeRADIUS, users are defined in the users file in your FreeRADIUS installation. To define users:

  1. Open the FreeRADIUS users file in a text editor. For example:
    $ sudo gedit /etc/freeradius/3.0/users
  2. Add users to the file using the following format:
    user1 Cleartext-Password := "user1"
    	Unix-FTP-Group-Names := "admin"
    
    user2 Cleartext-Password := "user2"
    	Unix-FTP-Group-Names := "serial"
    
    The Unix-FTP-Group-Names attribute is optional. If used, the value must correspond to authentication groups configured on your Connect EZ 2. Alternatively, if the user is also configured as a local user on the Connect EZ 2 device and the RADIUS server authenticates the user but does not return any groups, the local configuration determines the list of groups. See Authentication groups for more information about authentication groups. The Unix-FTP-Group-Names attribute can contain one group or multiple groups in a comma-separated list.

  3. Save and close the file.
  4. Verify that your changes did not introduce any syntax errors:
    $ sudo freeradius -CX

    This should return a message that ends with something similar to:

    ...
    Configuration appears to be OK
  5. Restart the FreeRADIUS server:
    $ sudo /etc/init.d/freeradius restart
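
The following check is an added example, not part of the Connect EZ 2 documentation or of FreeRADIUS. It audits a users file in the simple format shown above for group names that do not match the device's authentication groups, entries that return no groups, and passwords identical to the username. The function names, the sample entries and the DEVICE_GROUPS set are assumptions, and the parser handles only the entry layout shown on this page, not the full FreeRADIUS users syntax.

```python
import re

# Constructed sample in the format shown above; user3 has no group attribute.
SAMPLE_USERS = '''\
user1 Cleartext-Password := "user1"
\tUnix-FTP-Group-Names := "admin"

user2 Cleartext-Password := "S3parate-Secret"
\tUnix-FTP-Group-Names := "serial, operators"

user3 Cleartext-Password := "another-secret"
'''

# Assumption: the authentication groups configured on the Connect EZ 2.
DEVICE_GROUPS = {"admin", "serial"}
# Matches: Attribute := "value" (or Attribute = "value")
ATTR = re.compile(r'([A-Za-z0-9-]+)\s*:?=\s*"([^"]*)"')

def parse_users(text):
    """Return {username: {attribute: value}} for the entry layout above."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blank lines and comments
        if not line[0].isspace():         # unindented line starts a new entry
            name, _, rest = line.partition(" ")
            current = users.setdefault(name, {})
            line = rest
        if current is not None:
            current.update(ATTR.findall(line))
    return users

def audit(text, device_groups):
    findings = []
    for name, attrs in parse_users(text).items():
        if attrs.get("Cleartext-Password") == name:
            findings.append((name, "password equals username"))
        raw = attrs.get("Unix-FTP-Group-Names")
        if raw is None:
            findings.append((name, "no groups returned; local user config decides"))
            continue
        for group in (g.strip() for g in raw.split(",")):
            if group not in device_groups:
                findings.append((name, f"unknown group: {group}"))
    return findings

if __name__ == "__main__":
    for user, issue in audit(SAMPLE_USERS, DEVICE_GROUPS):
        print(f"{user}: {issue}")
```

To audit a real file, pass its contents to audit() together with the set of group names configured on your device.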