RADIUS authentication provides a means to use an external RADIUS server for authentication purposes when logging in to NetClock. RADIUS allows the login password for user-created accounts to be stored and maintained in a central RADIUS server on the network.
This function greatly simplifies password management: Instead of having to change a password in many network appliances, it is changed on the RADIUS server only.
In order to use RADIUS authentication with NetClock, RADIUS and the RADIUS network server first need to be configured. Currently, the http/https/ssh/telnet/ftp protocols are supported, i.e. you can log in to a NetClock unit using RADIUS authentication via applications using any of these protocols.
Caution: In order to utilize RADIUS authentication, the account username on the RADIUS server must NOT be used with a local user account.
A user with the username user3 on the RADIUS server will not be able to log in to a NetClock unit if a local user account with the username user3 exists on that unit. However, once the user has deleted the local user3 account, she will be able to log in with the RADIUS user3 account.
Note: In addition to the instructions below, this Technical Note contains additional detailed information about RADIUS Authentication.
See also TACACS+ Authentication
To enable or disable the use of RADIUS authentication on a NetClock unit:
- In the Web UI, navigate to MANAGEMENT > OTHER: Authentication.
- In the Actions panel on the left, click RADIUS. The RADIUS Setup window will be displayed.
- Check the box labeled HTTP/HTTPS if you want to enable RADIUS, or uncheck the box if you want to disable RADIUS.
- If you are enabling the service, in the Retransmit Attempts field, select the number of retries for NetClock to communicate with the RADIUS server (default = 0).
- Click Submit.
Adding/Removing a RADIUS Server
To add a RADIUS authentication server, or remove a server from the list:
- Navigate to MANAGEMENT > OTHER: Authentication.
- In the Actions panel on the left, click RADIUS Setup. The RADIUS Setup window will be displayed.
- Fill out the fields:
  - Host: The hostname or IP address of the RADIUS server.
  - Port: Defines the RADIUS Port to use. The default RADIUS Port is 1812, but this can be changed, as required.
  - Secret Key: The secret key which is shared by NetClock and the RADIUS server (the key is used to generate an MD5 hash).
  - Timeout: Defines the time, in seconds, that NetClock will wait to communicate with the RADIUS server, e.g., 10 seconds.
- Click the Add Server button. A confirmation message "The item has been added" will be displayed if the server could be added, and the server will be added to the list, indicating its status. The server status can be:
  - DISABLED: RADIUS service is disabled.
  - UNREACHABLE: This RADIUS server cannot be reached.
  - REACHABLE: This RADIUS server can be reached.
Note: NetClock supports multiple RADIUS servers. System performance, however, will be negatively affected by a large number of servers or by invalid servers.
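What "the key is used to generate an MD5 hash" means under standard RADIUS (RFC 2865), shown as an added example that is not NetClock or vendor code: the shared secret is mixed into MD5 both to hide the User-Password attribute in a request and to authenticate the server's reply. It assumes NetClock follows standard RFC 2865 behavior, which this page does not spell out; the function names are hypothetical and the secret, password and packet contents are constructed sample values.

```python
import hashlib
import hmac
import struct

def _xor_blocks(data, secret, request_auth, hiding):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, pad))
        prev = res if hiding else block  # always chain on the ciphertext block
        out += res
    return out

def hide_password(password, secret, request_auth):
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, -(-len(password) // 16) * 16)  # pad to a multiple of 16
    return _xor_blocks(password.ljust(size, b"\x00"), secret, request_auth, True)

def unhide_password(hidden, secret, request_auth):
    return _xor_blocks(hidden, secret, request_auth, False).rstrip(b"\x00")

def build_reply(code, ident, attrs, request_auth, secret):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def verify_reply(packet, request_auth, secret):
    """Client side: accept a reply only if it was built with the shared secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = build_reply(code, ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected, packet)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret, req_auth = b"example-shared-secret", bytes(range(16))
    hidden = hide_password(b"user3-password", secret, req_auth)
    print("hidden User-Password:", hidden.hex())
    print("recovered:", unhide_password(hidden, secret, req_auth))
    accept = build_reply(2, 7, bytes([18, 4]) + b"ok", req_auth, secret)  # Access-Accept
    print("right secret:", verify_reply(accept, req_auth, secret))
    print("wrong secret:", verify_reply(accept, req_auth, b"other-secret"))
```

Both protections rest entirely on the secret, so the value entered in the Secret Key field should be long and random and must match the RADIUS server's entry for this client exactly.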