SonicOS 7.0 Users

RADIUS Accounting

Single Sign-On by RADIUS accounting allows the appliance to act as a RADIUS accounting server for external third-party appliances, and to log users in or out based on the accounting messages from those devices. For third-party appliances that use RADIUS accounting for other purposes, SonicOS can also forward the RADIUS accounting messages to another RADIUS accounting server.

  1. Navigate to the Device > Users > Settings > Authentication page.
  2. Next to Configure SSO, click Configure.

    The SSO Configuration page is displayed.

  3. In the RADIUS Accounting tab, under Accounting Clients select the following:

    1. Click Add Client.

    2. Under the Settings tab, do the following:

      1. In the Client host name or IP address field, enter the name or the IP address for the RADIUS client host.

      2. If partitioning has been configured then in the Partition drop-down menu select the Default.

      3. In the Shared Key field and the Confirm Shared Key field, enter your shared secret for the client.

      4. Click Save.

    3. Under the Radius tab, do the following:

      1. From the User-Name attribute format drop-down menu, select the format for the user name login. You can select from some common formats:

        • User-name

        • Domain\User-name

        • Domain/User-name

        • User-name@Domain

        • SonicWALL Aventail

        • Or, you can select a non-standard format, Others.

      2. If you selected User-name go to Select a Log user out if no accounting interim updates are received option.

      3. If you select Others, more settings appear so you can configure the components to be found in the attribute:

        1. In Format enter a limited scanf-style string, with either a %s or %[…] directive for each component.

        2. Click Add Component.

        3. Select the This is the last component.

        4. Select the type of component from the Component to add drop-down menu:

          • User-name

          • Domain

          • DN

        5. Enter text to separate entries in the Any text that precedes it and Any text that follows it fields.

        6. Click Add.

        7. To delete the last component you added, click Remove last.

      4. Select a Log user out if no accounting interim updates are received option.

        • Disabled: to not have messages sent.

        • Enabled: to manually specify the Timeout interval. Set the timeout value greater than the period at which the RADIUS Accounting client sends the Interim-Update messages, and for dropped/missed Interim-Update messages, set the Timeout value at least 2 to 3 times greater than the period.

        • Auto (default): to have the appliance detect automatically whether Interim-Update message are being sent periodically and, if they are, to use them as specified under Enabled and setting automatically the timeout accordingly.

      5. Click Save.
    4. Under the Forwarding tab, do the following:
      1. You can enter up to four RADIUS accounting servers in these fields:

        • Name or IP address

        • Port (default 1813)

        • Shared Secret for the RADIUS accounting servers to which you want the client to forward message

        • Confirm Shared Secret

      2. When you enter this information for a server, the Select from drop down menu displays.

        • No forwarding

        • IP address of the accounting server

      3. In the Timeout (seconds) field, enter the timeout period in seconds. The default for Timeout (seconds) is 10 seconds,

      4. In the Retries field enter and the number of retries. The default for retries is 3.

    5. Select how the RADIUS accounting messages are forwarded from this client, either:

      • Try next on timeout
      • Forward to all
  4. In the General Settings tab, do the following:
    1. Enable SSO or RADIUS accounting by selecting the Enable SSO or RADIUS accounting. This setting is enabled by default.

    2. Specify the port in the Port number field. The default port is 1813.

    3. In Mechanism for looking up user group memberships for RADIUS Accounting users select one of the following:

      • Use the mechanism selected on the SSO Users tab

      • Use Filter-Id attribute from RADIUS Accounting requests

  5. Click Save.
  6. In the Advanced Settings tab, do the following:
    1. Select Expect Start/Stop messages due to wireless roaming to notify the SonicWall of users connecting/disconnecting.
    2. In the Maximum switch-over time(seconds) enter in seconds. The default is 30 seconds.

    3. In Wireless Roaming Transitions select one of the following:

      • Expect logical transitions

      • Ignore transition message sequence/source(s)

    4. Select to ignore any radius accounting messages in For users at these IP addresses and For users not at these IP addresses.

    5. Click Add User Names.

    6. Select Begin with or End with in Ignore any user names that.

  7. Click Save.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden