Appendix D: RADIUS Server

Note: This section has been provided for reference only. Please consult your local system administrator for exact implementation details.

Overview

The details of installing and configuring the RADIUS server software will depend on the server you are using. This Appendix covers the installation and configuration of the Windows 2000 RADIUS Server, but regardless of the implementation, there are several items you must configure:

1. A list of authorized clients and their shared secrets: The RADIUS server must have the IP addresses of all authorized RADIUS clients. Along with each client's address is a secret. It is not critical what the secret is as long as this same secret is also configured into the client (Dominion SX unit). The RADIUS client and server use the secret to encrypt parts of the packets they send to each other and to guarantee that the messages and replies are authentic. In Windows 2000 implementations, this file is called clients. Please refer to Step D. in the Install and Configure the RADIUS Server for Windows 2000 section that follows for more information.

2. A list of authorized users and their configuration information: The RADIUS server must know the users, their passwords, and what these users are authorized to do after they log in. In Windows 2000 implementations, Administrators can use Active Users and Directory or Local Authentication to add users. Information about the user is stored as a list of RADIUS protocol attributes and associated values. These translate directly into the authentication reply the server will send back to the client.

3. Reply items used by Dominion SX Products: The following attributes are used by Dominion SX products:

• Vendor-Specific: This Attribute is available to allow Raritan to support more detailed resource control. To control the number of ports being accessed by a particular user, a new Vendor code is added for Raritan Systems.
  The Vendor code takes a value of 8267 and the String to be entered should follow this format:

  − IP Address of the Dominion SX unit separated by a ‘:’
  − Privileges to be given to the user, separated by a ‘:’
    Privileges should take one of the following values:
      A for Administrator: has Read and Write access to the console window; can modify the configuration of the unit.
      O for Operator: has Read and Write access to the console window; cannot modify the configuration of the unit.
      OB for Observer: has Read-only access to the console window; cannot modify the configuration of the unit.
  − Port number access, taking a value of:
      ‘*’ indicating access to all the ports.
      ‘1:2:3’ indicating access to ports 1, 2 and 3 only.

  Note: For more information and examples, please see Step E. in the Install and Configure the RADIUS Server for Windows 2000 section that follows.

• Service-Type: You must specify characteristics of the service provided to the user by specifying the desired Service-Type in each user profile. The reply items in each user profile determine how the user's session is configured on the Dominion SX unit.
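The Vendor-Specific string described above can be checked before it is entered into a user profile. The following is an added example, not code from the manual or from Raritan: it assumes the fields appear in the order listed (unit IP, privilege, ports, all joined by ':'), and the names parse_grant, audit and SAMPLE, the sample values, and the rule that flags read/write access on all ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PRIVILEGES = {"A": "Administrator", "O": "Operator", "OB": "Observer"}

@dataclass(frozen=True)
class Grant:
    unit: ipaddress.IPv4Address
    privilege: str               # "A", "O" or "OB"
    ports: Optional[frozenset]   # None means '*', every port

def parse_grant(value: str) -> Grant:
    """Parse '<unit IP>:<privilege>:<ports>' (assumed field order)."""
    fields = value.strip().split(":")
    if len(fields) < 3:
        raise ValueError(f"expected IP:privilege:ports, got {value!r}")
    unit = ipaddress.IPv4Address(fields[0])  # ValueError on a bad address
    priv, ports = fields[1], fields[2:]
    if priv not in PRIVILEGES:
        raise ValueError(f"unknown privilege {priv!r}")
    if ports == ["*"]:
        return Grant(unit, priv, None)
    # '*' mixed with numbers, empty fields and port 0 are all rejected here.
    if not all(p.isdigit() and int(p) > 0 for p in ports):
        raise ValueError(f"ports must be '*' or positive numbers: {ports!r}")
    return Grant(unit, priv, frozenset(int(p) for p in ports))

def audit(profiles: dict) -> list:
    """Return (user, finding) pairs for malformed or all-port write grants."""
    findings = []
    for user, value in profiles.items():
        try:
            grant = parse_grant(value)
        except ValueError as exc:
            findings.append((user, f"malformed: {exc}"))
            continue
        # Review policy assumed for this example: flag read/write on every port.
        if grant.ports is None and grant.privilege != "OB":
            findings.append((user, f"{PRIVILEGES[grant.privilege]} on all ports"))
    return findings

# Constructed sample values, not taken from the manual.
SAMPLE = {
    "alice": "192.168.1.10:A:*",
    "bob": "192.168.1.10:O:1:2:3",
    "dave": "192.168.1.10:X:4",
    "erin": "192.168.1.10:O:*:2",
}
```

Calling audit(SAMPLE) reports alice (Administrator on all ports) and the two malformed entries, dave and erin, while bob's three-port Operator grant passes.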