Compliant with RADIUS protocol RFC 2865 and 2866 standards
Supports multiple vendor NASs with a single server (multi-vendor dictionary that includes Nortel®, Cisco®, Lucent®, and others)
Configurable dictionary that allows the definition of new vendors and vendor-specific attributes and values
Dictionary includes attributes from RFCs 2865, 2866, 2867, 2868, and 2869
Vendor-specific attribute translation
Configurable attribute-value pruning behavior (based on dictionary and clients file definitions)
Various configurable (through aaa.config) internal queue and buffer sizes
Persistent user session table and automatic recovery of session information after a server reload occurs
Engine support of loadable plug-in modules
Authentication Features
Distributed authentication (proxy) by realms (RADIUS type authentication)
Support for PAP authentication protocol by all supported authentication types
Support for CHAP (clear text password required in the user profile)
Support for MS-CHAP
Support for EAP authentication for wireless LAN access points and switches (including EAP-MD5 and EAP-LEAP)
Authentication of users with profiles defined in a flat text file that the server loads into memory (clear text or UNIX-style encrypted passwords)
Authentication of users defined in a /etc/passwd file
Authentication using multiple sets of user definition and realm definition files (users and authfile files) keyed by network access server (NAS)
Supports multiple user definition (realm) files keyed by realm (File type authentication)
Authentication of users defined in an LDAP server (ProLDAP™ type authentication), including support of {clear} indicator for clear text passwords
Authentication of users defined in an ORACLE database
UNIX bigcrypt() for users defined in a flat file or LDAP directory
Load balancing and failover when authenticating users stored in an LDAP directory server or Oracle database
Authorization Features
Support of simple authorization policy through check and deny attribute-value pair items specified in users files
Support for definition of reply item attribute-value pairs in a users file
Support of simple authorization policy through check and deny attribute-value pair items specified in realm files (File type authentication) or an LDAP directory server (ProLDAP type authentication)
Support for definition of reply item attribute-value pairs through realm files, an LDAP directory server, or an Oracle database
Support of complex authorization policy construction through Boolean expressions with attribute-value pair operands
Supports simultaneous session limitation by user and by realm
Accounting Features
Generates Merit or Livingston reference accounting detail files (accounting start and stop RADIUS messages from network access server (NAS)), known as call detail records (CDR)
Supports distributed accounting (proxy) by realms (RADIUS type authentication)
Merit format accounting session record reading utility included (radrecord)
Admin and Debug Tools/Features
Server Manager Graphical User Interface (GUI) for managing multiple AAA servers
Support for Simple Network Management Protocol (SNMP)
Generates server activity logfiles, compressed daily
Optional debug levels for greater server log output to help debug problems
Packaged with a RADIUS protocol client (radpwtst) for testing and debugging
Packaged with a utility (radcheck) to check the status of the server
Utility (sesstab) to help review the session table for active sessions
Script (stopsession.sh) to terminate specific users' sessions that appear active to the server but are no longer active
Script (las.test.sh) that tests simultaneous session control to aid in performance of session testing of the server