SonicOS 7.0 Users
- SonicOS 7.0 Users
- About User Management
- Using Local Users and Groups for Authentication
- Using RADIUS for Authentication
- Using LDAP/Active Directory/eDirectory Authentication
- Using RADIUS
- Using TACACS+
- Using Single Sign-On
- What is Single Sign-On?
- Benefits of SonicWall SSO
- Platforms and Supported Standards
- How Does Single Sign-On Work?
- How Does SSO Agent Work?
- How Does Terminal Services Agent Work?
- How Does Browser NTLM Authentication Work?
- How Does RADIUS Accounting for Single-Sign-On Work?
- Installing the Single Sign-On Agent and/or Terminal Services Agent
- Single Sign-On Advanced Features
- Configuring Access Rules
- Managing SonicOS with HTTP Login from a Terminal Server
- Viewing and Managing SSO User Sessions
- Multiple Administrator Support
- Configuring Users Status
- Configuring User Settings
- User Login Settings
- Setting the Authentication Method for Login
- Configuring RADIUS Authentication
- Configuring LDAP
- Configuring TACACS+
- Requiring User Names be Treated as Case-Sensitive
- Preventing Users From Logging in from More than One Location
- Forcing Users to Log In Immediately After Changing Their Passwords
- Displaying User Login Information Since the Last Login
- Setting the Single-Sign-On Methods
- One-Time Password Settings
- Configuring the User Web Login Settings
- Adding URLs to Authentication Bypass
- User Session Settings
- Accounting
- [[[Missing Linked File System.LinkedTitle]]]
- User Login Settings
- Configuring and Managing Partitions
- Configuring Local Users and Groups
- Configuring Guest Services
- Configuring Guest Accounts
- Managing Guest Status
- SonicWall Support
RADIUS Accounting
Single Sign-On by RADIUS accounting allows the appliance to act as a RADIUS accounting server for external third-party appliances, and to log users in or out based on the accounting messages from those devices. For third-party appliances that use RADIUS accounting for other purposes, SonicOS can also forward the RADIUS accounting messages to another RADIUS accounting server.
- Navigate to the Device > Users > Settings > Authentication page.
- Next to Configure SSO, click Configure.
The SSO Configuration page is displayed.
-
In the RADIUS Accounting tab, under Accounting Clients select the following:
-
Click Add Client.
-
Under the Settings tab, do the following:
-
In the Client host name or IP address field, enter the name or the IP address for the RADIUS client host.
-
If partitioning has been configured then in the Partition drop-down menu select the Default.
-
In the Shared Key field and the Confirm Shared Key field, enter your shared secret for the client.
-
Click Save.
-
-
Under the Radius tab, do the following:
-
From the User-Name attribute format drop-down menu, select the format for the user name login. You can select from some common formats:
-
User-name
-
Domain\User-name
-
Domain/User-name
-
User-name@Domain
-
SonicWALL Aventail
-
Or, you can select a non-standard format, Others.
-
-
If you selected User-name go to Select a Log user out if no accounting interim updates are received option.
-
If you select Others, more settings appear so you can configure the components to be found in the attribute:
-
In Format enter a limited scanf-style string, with either a %s or %[…] directive for each component.
-
Click Add Component.
-
Select the This is the last component.
-
Select the type of component from the Component to add drop-down menu:
-
User-name
-
Domain
-
DN
-
-
Enter text to separate entries in the Any text that precedes it and Any text that follows it fields.
-
Click Add.
-
To delete the last component you added, click Remove last.
-
-
Select a Log user out if no accounting interim updates are received option.
-
Disabled: to not have messages sent.
-
Enabled: to manually specify the Timeout interval. Set the timeout value greater than the period at which the RADIUS Accounting client sends the Interim-Update messages, and for dropped/missed Interim-Update messages, set the Timeout value at least 2 to 3 times greater than the period.
-
Auto (default): to have the appliance detect automatically whether Interim-Update message are being sent periodically and, if they are, to use them as specified under Enabled and setting automatically the timeout accordingly.
-
- Click Save.
-
- Under the Forwarding tab, do the following:
You can enter up to four RADIUS accounting servers in these fields:
Name or IP address
Port (default 1813)
Shared Secret for the RADIUS accounting servers to which you want the client to forward message
Confirm Shared Secret
When you enter this information for a server, the Select from drop down menu displays.
No forwarding
IP address of the accounting server
In the Timeout (seconds) field, enter the timeout period in seconds. The default for Timeout (seconds) is 10 seconds,
In the Retries field enter and the number of retries. The default for retries is 3.
-
Select how the RADIUS accounting messages are forwarded from this client, either:
- Try next on timeout
- Forward to all
-
- In the General Settings tab, do the following:
Enable SSO or RADIUS accounting by selecting the Enable SSO or RADIUS accounting. This setting is enabled by default.
Specify the port in the Port number field. The default port is 1813.
In Mechanism for looking up user group memberships for RADIUS Accounting users select one of the following:
Use the mechanism selected on the SSO Users tab
Use Filter-Id attribute from RADIUS Accounting requests
- Click Save.
- In the Advanced Settings tab, do the following:
- Select Expect Start/Stop messages due to wireless roaming to notify the SonicWall of users connecting/disconnecting.
In the Maximum switch-over time(seconds) enter in seconds. The default is 30 seconds.
In Wireless Roaming Transitions select one of the following:
Expect logical transitions
Ignore transition message sequence/source(s)
Select to ignore any radius accounting messages in For users at these IP addresses and For users not at these IP addresses.
Click Add User Names.
Select Begin with or End with in Ignore any user names that.
- Click Save.
Was This Article Helpful?
Help us to improve our support portal