Version: Axidian Privilege 3.0

RADIUS Configuring

caution

Please specify all URLs in lowercase.

The JSON format does not allow comments in the file, so you need to remove lines starting with "//" characters.

caution

After changing the configuration file, restart the IdP application pool in IIS Manager.

Go to C:\inetpub\wwwroot\idp and edit the appsettings.json file.

Section IdentitySettings

  • DirectoryMechanism — Mechanism of authentication.

  • Authentication — Authentication provider.

    IdentitySettings section in appsettings.json configuration file
    "IdentitySettings": {
    ...
    "DirectoryMechanism": "Radius",
    "Authentication": "Local",
    ...
    }

Section Radius

  • AuthenticationScheme — authentication scheme in RADIUS. Possible parameters: PAP, CHAP, MSCHAPV2. The PAP scheme is insecure.

    note

    To use CHAP authentication in Windows, enable Store passwords using reversible encryption in the user account settings and update the user's password.

  • AuthenticationUserName — name format for authentication. Possible parameters:

    • NameWithoutDomain — name without domain (for authentication in FreeRadius)
    • SamCompatibleName — name in the format AXIDIAN\\user
    • PrincipalName — name in the format user@axidian.domain
  • Secret — secret for the additional authentication of the component.

  • Timeout — timeout waiting for a RADIUS server response.

  • RemoteEndpoint:

    • Address — RADIUS server address for connection.
    • Port — RADIUS server port for connection (default port: 1812).

Radius section in appsettings.json configuration file (one RADIUS server)
"Radius": {
  "AuthenticationScheme": "MSCHAPV2",
  "AuthenticationUserName": "PrincipalName",
  "Secret": "ENCRYPTED_CfDJ8MPJ7V58kgpLvtoHgdiuk5VKMK_hf3r437uZdHjdZAfve5wtVvgDZPjjDm7bgjCXKM5XM",
  "Timeout": 10,
  "RemoteEndpoint": {
    "Address": "PAM_RADIUS_SERVER",
    "Port": 1812
  }
}

You can specify multiple RADIUS servers to provide system fault tolerance. In this case, PAM sends the request to the RADIUS servers sequentially, in the order the servers are specified in the configuration file. In other words, if it was unable to connect to the first RADIUS server, then PAM will try to connect to next o

Radius section in appsettings.json configuration file (two RADIUS servers)
"Radius": {
  "Timeout": 10,
  "RemoteEndpoints": [
    {
      "Address": "10.11.4.28",
      "Port": 1812,
      "Secret": "123",
      "AuthenticationScheme": "MSCHAPV2",
      "AuthenticationUserName": "PrincipalName"
    },
    {
      "Address": "10.11.4.128",
      "Port": 1812,
      "Secret": "123",
      "AuthenticationScheme": "MSCHAPV2",
      "AuthenticationUserName": "PrincipalName"
    }
  ]
},
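
A lint pass over the Radius section described above, covering both the single RemoteEndpoint form and the RemoteEndpoints list; this is an added example, not part of the Axidian documentation or product code. The names lint_radius and SAMPLE and the 192.0.2.x addresses are constructed here. Assumptions: option values are matched by exact case, the ENCRYPTED_ prefix marks a protected Secret, and the 16-character minimum follows the shared-secret preference in RFC 2865 rather than a product rule.

```python
import json

SCHEMES = {"PAP", "CHAP", "MSCHAPV2"}  # values listed on this page, exact case assumed
NAME_FORMATS = {"NameWithoutDomain", "SamCompatibleName", "PrincipalName"}
MIN_SECRET_LEN = 16  # RFC 2865 preference for shared secrets, not a product rule
ENC_PREFIX = "ENCRYPTED_"  # assumption: this prefix marks a protected Secret value

def lint_radius(text):
    """Return a list of findings for the Radius section of appsettings.json text."""
    findings, lines = [], []
    for no, line in enumerate(text.splitlines(), 1):
        is_comment = line.lstrip().startswith("//")
        if is_comment:
            findings.append(f"line {no}: remove '//' comment (not valid JSON)")
        lines.append("" if is_comment else line)  # blank keeps line numbers stable
    try:
        radius = json.loads("\n".join(lines)).get("Radius")
    except json.JSONDecodeError as exc:
        return findings + [f"line {exc.lineno}: invalid JSON ({exc.msg})"]
    if not isinstance(radius, dict):
        return findings + ["no Radius section found"]
    # Single-server form keeps the settings beside RemoteEndpoint; merge them in.
    single = {**radius, **radius.get("RemoteEndpoint", {})}
    for ep in radius.get("RemoteEndpoints") or [single]:
        where = f"{ep.get('Address', '?')}:{ep.get('Port', 1812)}"
        scheme, name_format = ep.get("AuthenticationScheme"), ep.get("AuthenticationUserName")
        if scheme not in SCHEMES:
            findings.append(f"{where}: unknown AuthenticationScheme {scheme!r}")
        elif scheme == "PAP":
            findings.append(f"{where}: PAP scheme is insecure")
        if name_format not in NAME_FORMATS:
            findings.append(f"{where}: unknown AuthenticationUserName {name_format!r}")
        secret = str(ep.get("Secret", ""))
        if not secret.startswith(ENC_PREFIX) and len(secret) < MIN_SECRET_LEN:
            findings.append(f"{where}: cleartext Secret under {MIN_SECRET_LEN} characters")
    return findings

# Constructed sample input, not a real deployment.
SAMPLE = """{
  // primary and backup RADIUS servers
  "Radius": { "Timeout": 10, "RemoteEndpoints": [
    { "Address": "192.0.2.10", "Port": 1812, "Secret": "123",
      "AuthenticationScheme": "PAP", "AuthenticationUserName": "PrincipalName" },
    { "Address": "192.0.2.11", "Port": 1812, "Secret": "ENCRYPTED_placeholder",
      "AuthenticationScheme": "MSCHAPV2", "AuthenticationUserName": "Upn" } ] } }"""

if __name__ == "__main__":
    print("\n".join(lint_radius(SAMPLE)))
```

A section that is cut off before its closing brace is reported as invalid JSON with the line number where parsing stopped.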