Configuring ProxyAV to authenticate via RADIUS for administrative login



You need an example of how to configure the ProxyAV to authenticate with a RADIUS server.


The example below is provided for integration with FreeRADIUS.

1. Save the bluecoat.dictionary file at the end of this KB article into FreeRADIUS' list of dictionary files (step 2 includes it as dictionary.bluecoat).

2. Include the bluecoat.dictionary in the dictionary database by editing the "dictionary" file. The two $INCLUDE excerpts below show the file before and after the edit.

[root@optiplex3 log]# ls -l /usr/share/freeradius/dictionary
-rw-r--r-- 1 root root 5151 Aug 31  2010 /usr/share/freeradius/dictionary

$INCLUDE dictionary.bintec
$INCLUDE dictionary.cablelabs
$INCLUDE dictionary.cabletron

$INCLUDE dictionary.bintec
$INCLUDE dictionary.bluecoat
$INCLUDE dictionary.cablelabs
$INCLUDE dictionary.cabletron

3. Create your users in FreeRADIUS' users file.

[root@optiplex3 log]# cat /etc/raddb/users

avreadwrite     User-Password == "avreadwrite"
                Blue-Coat-Authorization += "2"

avreadonly      User-Password == "avreadonly"
                Blue-Coat-Authorization += "1"

avnoaccess      User-Password == "avnoaccess"
                Blue-Coat-Authorization += "0"

4. Add your ProxyAV as a client in FreeRADIUS.

[root@optiplex3 log]# cat /etc/raddb/clients.conf

client <ProxyAV-IP-address> {
        # <ProxyAV-IP-address> is a placeholder: use the IP address of your ProxyAV
        secret = my_shared_secret
        shortname = ProxyAV
}

5. Restart FreeRADIUS.

[root@optiplex3 log]# service radiusd restart
Stopping RADIUS server: [  OK  ]
Starting RADIUS server: Tue May 10 17:00:42 2011 : Info: Starting - reading configuration files ...[  OK  ]

6. In ProxyAV's Management Console, go to Authentication and ensure "ProxyAV Local Authentication" is enabled. This is required as a fallback in the event that your RADIUS setup fails.

7. Enable "ProxyAV RADIUS Authentication". Enter the IP address of your RADIUS server and the shared secret (from step 4). Reconfirm the shared secret. If your RADIUS server does not use UDP-1812 for RADIUS authentication, change the port to the one used by your RADIUS server.

8. Save the changes.

#----------------------------- Begin bluecoat.dictionary--------------------------

# -*- text -*-
# dictionary.bluecoat
# Blue Coat Vendor Specific Attribute dictionary file for freeradius

VENDOR          BlueCoat                14501


ATTRIBUTE       Blue-Coat-Group                         1       string
ATTRIBUTE       Blue-Coat-Authorization                 2       integer

VALUE           Blue-Coat-Authorization  No-Access               0
VALUE           Blue-Coat-Authorization  Read-Only-Access        1
VALUE           Blue-Coat-Authorization  Read-Write-Access       2

END-VENDOR      BlueCoat

#----------------------------- End bluecoat.dictionary-----------------------------
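
To check in a packet capture what this dictionary makes FreeRADIUS send, the following added example (not part of the original article and not Blue Coat or FreeRADIUS code) encodes and decodes Blue-Coat-Authorization as an RFC 2865 Vendor-Specific attribute. It assumes the default one-byte vendor type and length sub-attribute format; the function names and the sample packet are constructed for this example.

```python
import struct

VENDOR_SPECIFIC = 26        # RFC 2865 Vendor-Specific attribute type
BLUECOAT_VENDOR = 14501     # VENDOR BlueCoat in dictionary.bluecoat
AUTHORIZATION = 2           # ATTRIBUTE Blue-Coat-Authorization (integer)
LEVELS = {0: "No-Access", 1: "Read-Only-Access", 2: "Read-Write-Access"}

def encode_authorization(level):
    """Vendor-Specific attribute carrying Blue-Coat-Authorization = level."""
    sub = struct.pack("!BBI", AUTHORIZATION, 6, level)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), BLUECOAT_VENDOR) + sub

def build_access_accept(attributes, identifier=1):
    """Constructed Access-Accept (code 2); authenticator is zeroed, not valid."""
    header = struct.pack("!BBH16s", 2, identifier, 20 + len(attributes), bytes(16))
    return header + attributes

def iter_tlv(data):
    """Yield (type, value) pairs; assumes 1-byte type and 1-byte length."""
    pos = 0
    while pos < len(data):
        alen = data[pos + 1] if pos + 1 < len(data) else 0
        if alen < 2 or pos + alen > len(data):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield data[pos], data[pos + 2:pos + alen]
        pos += alen

def decode_authorization(packet):
    """Return the Blue-Coat-Authorization level name in a packet, or None."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    for atype, value in iter_tlv(packet[20:length]):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != BLUECOAT_VENDOR:
            continue
        for vtype, vvalue in iter_tlv(value[4:]):
            if vtype == AUTHORIZATION and len(vvalue) == 4:
                number = struct.unpack("!I", vvalue)[0]
                return LEVELS.get(number, "undefined value %d" % number)
    return None

if __name__ == "__main__":
    reply_message = bytes([18, 4]) + b"ok"   # unrelated attribute, skipped
    packet = build_access_accept(reply_message + encode_authorization(2))
    print(decode_authorization(packet))
```
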

Additional Information
InQuira Doc Id: KB4409
