Configuring RADIUS for SonicOS Enhanced

If you selected Use RADIUS for user authentication or Use RADIUS but also allow locally configured users, you must now configure RADIUS information.

To configure RADIUS, complete the following steps:

1	Expand the Users tree and click on RADIUS.

 

2

Define the number of times the SonicWALL attempts to contact the RADIUS server in the RADIUS Server Retries field. If the RADIUS server does not respond within the specified number of retries, the connection is dropped. This field can range between 0 and 10, however 3 RADIUS server retries is recommended.

3	Define the RADIUS Server Timeout in Seconds. The allowable range is 1-60 seconds with a default value of 5.

RADIUS Servers

1	Specify the following setting for the primary RADIUS server in the Primary Server section:

•	Type the IP address of the RADIUS server in the IP Address field.

•	Type the Port Number for the RADIUS server.

•	Type the RADIUS server administrative password or “shared secret” in the Shared Secret field. The alphanumeric Shared Secret can range from 1 to 31 characters in length. The shared secret is case sensitive.

2	If there is a secondary RADIUS server, type the appropriate information in the Secondary Server section.

RADIUS Users

1	To only allow users that are configured locally, but to still use RADIUS to authenticate them, select Allow only users listed locally.

2	Select the mechanism used for setting user group memberships for RADIUS users from the following list:

•	Use SonicWALL vendor-specific attribute on RADIUS server: select to tell the RADIUS server to send vendor-specific attributes back to the SonicWALL appliance.

•	Use RADIUS Filter-ID attribute on RADIUS server: select to tell the RADIUS server to send Filter-ID user attributes back to the SonicWALL appliance. Filter-ID attributes include the names of user groups that a user belongs to.

•	Enter duplicate RADIUS user names locally on the SonicWALL: select when the RADIUS server contains user names and passwords, but has no user group information. The SonicWALL appliance contains the user group configuration for each user, while RADIUS simply authenticates the password.

3

For a shortcut for managing RADIUS user groups, check Memberships can be set locally by duplicating RADIUS user names. When you create users with the same name locally on the security appliance and manage their group memberships, the memberships in the RADIUS database automatically changes to mirror your local changes.

4	If you have previously configured User Groups on the SonicWALL, select the group from the Default user group to which all RADIUS user belong menu.

5	You can create a new group by choosing Create a new user group... from the list. The Add Group window displays.

RADIUS Client Test

To test your RADIUS Client user name and password, complete the following steps:

1	Navigate to the Diagnostics > Network page.

2	Enter a valid user name in the User field, and the password in the Password field.

3	Click RADIUS Client Test.

If the validation is successful, the Status messages changes to Success. If the validation fails, the Status message changes to Failure. After the SonicWALL has been configured, a VPN Security Association requiring RADIUS authentication prompts incoming VPN clients to type a User Name and Password into a dialogue box.