46 DOMINION KX USER G UIDEReturning User Group Information via RADIUSWhen a RADIUS authentication attempt succeeds, the device determines the permissions for agiven user based on the permissions of the user’s group.Your remote RADIUS server can provide these user group names by returning an attribute,implemented as a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows:Raritan:G{GROUP_NAME}where GROUP_NAME is a string, denoting the name of the group to which the user belongs.RADIUS Communication Exchange SpecificationsKX101 sends the following information to RADIUS server in an authentication query:A TTRIBUTE D ATAUSER-NAME The user name entered at the login screen.USER-PASSWORD In PAP mode, the encrypted password entered at the login screen.CHAP-PASSWORD In CHAP mode, the CHAP protocol response computed from thepassword and the CHAP challenge data.NAS-IP-ADDRESS Dominion KX’s IP AddressNAS-IDENTIFIER The Dominion KX unit name as configured in “NetworkConfiguration” (see previous section).NAS-PORT-TYPE The value ASYNC (0) for modem connections and ETHERNET(15) for network connections.NAS-PORT Always 0.STATE If this request is in response to an ACCESS-CHALLENGE, the statedata from the ACCESS-CHALLENGE packet will be returned.PROXY-STATE If this request is in response to an ACCESS-CHALLENGE, theproxy state data from the ACCESS-CHALLENGE packet will bereturned.