Configuring ProxyAV to authenticate via RADIUS for administrative login



Solution

Overview

You need an example of how to configure the ProxyAV to authenticate administrative logins against a RADIUS server.

Resolution

The example below is provided for integration with FreeRADIUS.

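1. Save the bluecoat.dictionary file at the end of this KB into FreeRADIUS' directory of dictionary files. Name the file dictionary.bluecoat so that it matches the $INCLUDE line added in step 2.

2. Include the Blue Coat dictionary in the dictionary database by editing the "dictionary" file and adding a $INCLUDE line for it: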

[root@optiplex3 log]# ls -l /usr/share/freeradius/dictionary
-rw-r--r-- 1 root root 5151 Aug 31  2010 /usr/share/freeradius/dictionary

Before:
......
$INCLUDE dictionary.bintec
$INCLUDE dictionary.cablelabs
$INCLUDE dictionary.cabletron
$INCLUDE dictionary.cisco

After:
......
$INCLUDE dictionary.bintec
$INCLUDE dictionary.bluecoat
$INCLUDE dictionary.cablelabs
$INCLUDE dictionary.cabletron
$INCLUDE dictionary.cisco


3. Create your users in FreeRADIUS' users file.

[root@optiplex3 log]# cat /etc/raddb/users

avreadwrite     User-Password == "avreadwrite"
                Blue-Coat-Authorization += "2"

avreadonly      User-Password == "avreadonly"
                Blue-Coat-Authorization += "1"

avnoaccess      User-Password == "avnoaccess"
                Blue-Coat-Authorization += "0"

4. Add your ProxyAV as a client in FreeRADIUS.

[root@optiplex3 log]# cat /etc/raddb/clients.conf

client 10.10.10.10/32 {
        secret = my_shared_secret
        shortname = ProxyAV
}

5. Restart FreeRADIUS

[root@optiplex3 log]# service radiusd restart
Stopping RADIUS server: [  OK  ]
Starting RADIUS server: Tue May 10 17:00:42 2011 : Info: Starting - reading configuration files ...[  OK  ]

6. In ProxyAV's Management Console, go to Authentication and ensure "ProxyAV Local Authentication" is enabled. This is required as a fallback in the event that your RADIUS setup fails.

7. Enable "ProxyAV RADIUS Authentication". Enter the IP address of your RADIUS server and the shared secret (from step 4), then reconfirm the shared secret. If your RADIUS server does not use UDP port 1812 for RADIUS authentication, change the port to the one used by your RADIUS server.

8. Save the changes



#----------------------------- Begin bluecoat.dictionary--------------------------

# -*- text -*-
# dictionary.bluecoat
#
# Blue Coat Vendor Specific Attribute dictionary file for freeradius
#
#

VENDOR          BlueCoat                14501

BEGIN-VENDOR    BlueCoat

ATTRIBUTE       Blue-Coat-Group                         1       string
ATTRIBUTE       Blue-Coat-Authorization                 2       integer

VALUE           Blue-Coat-Authorization  No-Access               0
VALUE           Blue-Coat-Authorization  Read-Only-Access        1
VALUE           Blue-Coat-Authorization  Read-Write-Access       2

END-VENDOR      BlueCoat

#----------------------------- End bluecoat.dictionary-----------------------------
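
The dictionary above only gives FreeRADIUS names for the attribute; on the wire it travels as a Vendor-Specific attribute (type 26, RFC 2865) carrying vendor ID 14501. The Python below is an added example, not part of the original KB or of Blue Coat's or FreeRADIUS' code; it encodes and decodes that attribute so the access level in a captured reply can be checked when a login gets the wrong rights. The function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26          # RFC 2865 attribute type for vendor-specific data
BLUECOAT_VENDOR_ID = 14501    # VENDOR line of the dictionary above
BLUE_COAT_AUTHORIZATION = 2   # ATTRIBUTE number, integer type
ACCESS_LEVELS = {0: "No-Access", 1: "Read-Only-Access", 2: "Read-Write-Access"}


def encode_authorization(level):
    """Build the Vendor-Specific attribute that carries Blue-Coat-Authorization."""
    if level not in ACCESS_LEVELS:
        raise ValueError("unknown access level: %r" % (level,))
    sub = struct.pack("!BBI", BLUE_COAT_AUTHORIZATION, 6, level)  # type, length, value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), BLUECOAT_VENDOR_ID) + sub


def decode_authorization(attrs):
    """Walk RADIUS attribute bytes; return the access level name, or None if absent."""
    pos, found = 0, None
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue                      # not a vendor-specific attribute
        if struct.unpack("!I", value[:4])[0] != BLUECOAT_VENDOR_ID:
            continue                      # another vendor's attribute
        sub = value[4:]
        while len(sub) >= 2:
            v_type, v_len = sub[0], sub[1]
            if v_len < 2 or v_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if v_type == BLUE_COAT_AUTHORIZATION:
                if v_len != 6:
                    raise ValueError("Blue-Coat-Authorization must hold a 4-byte integer")
                level = struct.unpack("!I", sub[2:6])[0]
                found = ACCESS_LEVELS.get(level, "Unknown(%d)" % level)
            sub = sub[v_len:]
    return found


# Constructed sample: a Reply-Message (type 18) followed by the Blue Coat attribute.
SAMPLE_REPLY = b"\x12\x04ok" + encode_authorization(1)
if __name__ == "__main__":
    print(decode_authorization(SAMPLE_REPLY))
```

Pass it the attribute bytes that follow the 20-byte RADIUS header of a captured reply.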

InQuira Doc Id: KB4409
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Software      ProxyAV 3
Topic      Authentication
Article Number      000008693