Secure Mobile Access 12.4 Administration Guide

Table of Contents

Configuring Advanced RADIUS Settings

To configure additional (optional) RADIUS settings

  1. Click the Advanced button to display additional (optional) RADIUS settings.

  2. In the Service type field, type a RADIUS Service-Type integer indicating the type of service being requested. For most RADIUS servers, type 1 (for Login; default) or 8 (for Authenticate Only).
  3. When a user’s credentials are accepted, the RADIUS server normally sends a confirmation message (for example, Passcode accepted). If you do not want this message displayed, select the Suppress RADIUS success message checkbox.

  4. Select the authentication protocol method from the drop-down. The supported authentication protocol methods include PAP, CHAP, MSCHAP, and MSCHAPv2.

    If you have selected the authentication protocol method as MSCHAPv2, Allow password changes check box is enabled. Selecting this checkbox allows users to change the password when the password gets expired or when the password is reset by the administrator.

    In order to support CHAP authentication protocol method, user passwords must be stored using reversible encryption in the Operating System. In Windows Security policy security setting & AD users properties > Account tab, enable “Store passwords using reversible encryption”.

  5. The appliance normally identifies itself using its host name. If the RADIUS server is unable to accept that name, specify a NAS-Identifier or NAS-IP-Address (specifying both is allowed but not typically necessary).

  6. To change the prompts and other text that Windows users see when they log in to the authentication server, select Customize authentication server prompts. The page title, message, and login prompts can all be customized. For example, if a user logs in using his employee ID, you could change the text for the Identityprompt from Username: to Employee ID:

  7. If the RADIUS server uses an older version of the RADIUS protocol that does not support UTF-8 character encoding, select a Local encoding scheme from the Selected list, or type one in the Other field. For more information, see RADIUS Policy Server Character Sets.
  8. (RADIUS with a Credential type of Username/Password only) To enable NTLM authentication forwarding, click one of the NTLM authentication forwarding options. For more information, see NTLM Authentication Forwarding.