RADIUS
Contents |
Preface
PowerFolder Server is able to authenticate users by a RADIUS server/service. This for example seamlessly integrates PowerFolder with eduroam. "eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community".
Setup
Edit the PowerFolder Server's configuration file and add the following lines:
radius.server=myradiusserver:1812 radius.sharedsecret=sharedsecret radius.auth=PEAP
After restart all login requests (via web or client) will be checked at given RADIUS server. Make sure your admin account username exists in RADIUS, otherwise you won't be able to login anymore.
Possible values for "radius.auth" are: EAPMD5, EAPMSCHAPV2, EAPTLS, EAPTTLS, PEAP, MSCHAPV1, MSCHAPV2, CHAP or PAP
Authentication process
The authentication process is similar to the authentication process via LDAP/Activate directory.
Chained / Multi source authentication
It is also possible to configure PowerFolder to authenticate users at multiple different authentication services (e.g. LDAP and RADIUS). A user will be successfully authenticated at PowerFolder if one of the given services yields to a successful authentication.
To configure the authentication order edit the server configuration file and add the following line:
security.auth.order=ldap,radius,database
This will first try to authenticate a user via LDAP, if this fails it is tried via RADIUS and finally via the internal user database (third party users). Available values are: ldap, radius and database.
