Configuring ProxyAV to authenticate via RADIUS for administrative login

Solutions ID:    KB4409
Version:    1.0
Status:    Published
Published date:    05/10/2011
 

Problem Description

You need an example of how to configure the ProxyAV to authenticate administrative logins against a RADIUS server.

Resolution

The example below is provided for integration with FreeRADIUS.

1. Save the bluecoat.dictionary file at the end of this KB as dictionary.bluecoat in the directory that holds FreeRADIUS' dictionary files (/usr/share/freeradius/ in this example).

2. Include dictionary.bluecoat in the dictionary database by editing the "dictionary" file:

[root@optiplex3 log]# ls -l /usr/share/freeradius/dictionary
-rw-r--r-- 1 root root 5151 Aug 31  2010 /usr/share/freeradius/dictionary

Before:
......
$INCLUDE dictionary.bintec
$INCLUDE dictionary.cablelabs
$INCLUDE dictionary.cabletron
$INCLUDE dictionary.cisco

After:
......
$INCLUDE dictionary.bintec
$INCLUDE dictionary.bluecoat
$INCLUDE dictionary.cablelabs
$INCLUDE dictionary.cabletron
$INCLUDE dictionary.cisco


3. Create your users in FreeRADIUS' users file.

[root@optiplex3 log]# cat /etc/raddb/users

avreadwrite     User-Password == "avreadwrite"
                Blue-Coat-Authorization += "2"

avreadonly      User-Password == "avreadonly"
                Blue-Coat-Authorization += "1"

avnoaccess      User-Password == "avnoaccess"
                Blue-Coat-Authorization += "0"

4. Add your ProxyAV as a client in FreeRADIUS.

[root@optiplex3 log]# cat /etc/raddb/clients.conf

client 10.10.10.10/32 {
        secret = my_shared_secret
        shortname = ProxyAV
}

5. Restart FreeRADIUS

[root@optiplex3 log]# service radiusd restart
Stopping RADIUS server: [  OK  ]
Starting RADIUS server: Tue May 10 17:00:42 2011 : Info: Starting - reading configuration files ...[  OK  ]

6. In ProxyAV's Management Console, go to Authentication and ensure "ProxyAV Local Authentication" is enabled. This is required as a fallback in the event that your RADIUS setup fails.

7. Enable "ProxyAV RADIUS Authentication". Enter the IP address of your RADIUS server and the shared secret (from step 4). Reconfirm the shared secret. If your RADIUS server does not use UDP port 1812 for RADIUS authentication, change the port to the one your RADIUS server uses.

8. Save the changes.



#----------------------------- Begin bluecoat.dictionary--------------------------

# -*- text -*-
# dictionary.bluecoat
#
# Blue Coat Vendor Specific Attribute dictionary file for freeradius
#
#

VENDOR          BlueCoat                14501

BEGIN-VENDOR    BlueCoat

ATTRIBUTE       Blue-Coat-Group                         1       string
ATTRIBUTE       Blue-Coat-Authorization                 2       integer

VALUE           Blue-Coat-Authorization  No-Access               0
VALUE           Blue-Coat-Authorization  Read-Only-Access        1
VALUE           Blue-Coat-Authorization  Read-Write-Access       2

END-VENDOR      BlueCoat

#----------------------------- End bluecoat.dictionary-----------------------------
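
To confirm from a packet capture which access level the RADIUS server returns for a login, the Blue-Coat-Authorization reply attribute defined above can be decoded from the Access-Accept. The Python below is an added example, not part of the original KB or of Blue Coat's or FreeRADIUS' code; the function names and the sample packet are constructed for illustration, and the layout assumed is the Vendor-Specific attribute format of RFC 2865.

```python
import struct

BLUECOAT_VENDOR_ID = 14501       # VENDOR BlueCoat, from the dictionary above
BLUE_COAT_AUTHORIZATION = 2      # ATTRIBUTE Blue-Coat-Authorization (integer)
VENDOR_SPECIFIC = 26             # RFC 2865 Vendor-Specific attribute type
ACCESS_LEVELS = {0: "No-Access", 1: "Read-Only-Access", 2: "Read-Write-Access"}


def build_access_accept(level, identifier=1):
    """Build a constructed Access-Accept (code 2) carrying the Blue Coat VSA."""
    sub = struct.pack("!BBI", BLUE_COAT_AUTHORIZATION, 6, level)
    vsa_value = struct.pack("!I", BLUECOAT_VENDOR_ID) + sub
    attr = struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(vsa_value)) + vsa_value
    header = struct.pack("!BBH", 2, identifier, 20 + len(attr))
    return header + bytes(16) + attr   # zeroed authenticator: sample data only


def bluecoat_authorization(packet):
    """Return the access-level name found in a RADIUS packet, or None."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20                           # attributes start after the 20-byte header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != BLUECOAT_VENDOR_ID:
            continue
        sub = value[4:]                # vendor sub-attributes: type, length, data
        while len(sub) >= 2:
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if vtype == BLUE_COAT_AUTHORIZATION and vlen == 6:
                level = struct.unpack("!I", sub[2:6])[0]
                return ACCESS_LEVELS.get(level, "unknown(%d)" % level)
            sub = sub[vlen:]
    return None
```

An Access-Accept with no Blue Coat attribute returns None, which usually means the dictionary was not included or the reply item is missing from the user's entry.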

