ClearBox Enterprise Server™ 2.0. User's Guide

Realm Authorization Settings

This dialog lets you configure authorization lists. They are applied to an access request after it has been accepted during the authentication process. For requests rejected by authentication, only the 'Reject-Response' list is applied.

These lists let you create flexible authorization rules. A list may contain plain attributes that you define explicitly, or attributes retrieved from a database or directory service. Thus you may use static, unconditional attributes for all users in the realm, together with attributes retrieved from a database that are specific to particular users.

Black List

Add to the Black List the attributes that SHOULD NOT be present in the request packet; this lets you define explicitly which attributes are not granted. The server looks through the realm Black List, and if any attribute from the list is found in the request, the user's connection is denied. You can require that both the attribute name and value match, or specify that the presence of the attribute, whatever its value, is sufficient to reject the request.
Various policies can be constructed with the help of this list. For example, the Calling-Station-ID attribute can be added to block users who dial in from a particular phone number.

Check List

The Check List is an alternative to the Black List. Place in it the RADIUS attributes that SHOULD be present in the request. The request is accepted only if all attributes from the Check List are present in the request. You can require that both the attribute name and value match, or specify that matching attribute names alone are sufficient to accept the request. An attribute in the list can be marked as 'default', in which case it may be absent from the request.

A variety of rules could be enforced by including appropriate attributes in the Check List. Only certain users might be permitted to use ISDN connections, or dial in to a particular NAS. Or, Caller ID could be used to validate a user against a list of legal originating phone numbers.

Response List

The Response List defines what attributes should be included in the successful response packet granting access to a user.
The Response List usually provides additional parameters that the NAS needs to complete the connection, typically as part of PPP negotiations. In other words, the Response List defines a connection profile, a set of properties that are applied to a connection when it is authorized.
By including appropriate attributes in the Response List, a variety of connection policies could be applied. Specific users could be assigned particular IP addresses or IPX network numbers, IP header compression could be turned on or off, or a time limit could be assigned to the connection.

Reject-Response List

The Reject-Response List defines what attributes should be included in the Access-Reject response packet sent when a user's authentication request is rejected.
The Reject-Response List may be used in VoIP applications, for instance, to return the h323-return-code attribute to an IVR script.

Click 'Apply Changes' to save list changes.
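
The four lists described above, modelled in Python as an added illustration (this is not ClearBox code or its configuration format). The names `Rule`, `Realm` and `authorize` are hypothetical, the sample realm and attribute values are constructed, and three behaviours are assumptions the page does not state: the Black List is evaluated before the Check List, a 'default' attribute that is present must still match, and authorization denials also return the Reject-Response attributes.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    value: Optional[str] = None  # None: the attribute name alone is a match
    default: bool = False        # Check List only: attribute may be absent

    def matches(self, request: dict) -> bool:
        if self.name not in request:
            return False
        return self.value is None or request[self.name] == self.value


@dataclass
class Realm:
    black_list: list = field(default_factory=list)
    check_list: list = field(default_factory=list)
    response: dict = field(default_factory=dict)
    reject_response: dict = field(default_factory=dict)


def authorize(realm: Realm, request: dict, authenticated: bool):
    """Return (packet type, reply attributes) for one access request."""
    # Assumption: every Access-Reject carries the Reject-Response attributes.
    reject = ("Access-Reject", dict(realm.reject_response))
    if not authenticated:
        return reject  # only the Reject-Response list applies here
    # Assumption: the Black List is checked before the Check List.
    if any(rule.matches(request) for rule in realm.black_list):
        return reject
    for rule in realm.check_list:
        if rule.default and rule.name not in request:
            continue  # a 'default' attribute may be missing from the request
        if not rule.matches(request):
            return reject  # required attribute missing or value mismatch
    return ("Access-Accept", dict(realm.response))


# Constructed sample realm: block one caller, require one NAS.
REALM = Realm(
    black_list=[Rule("Calling-Station-ID", "5550100")],
    check_list=[Rule("NAS-IP-Address", "192.0.2.10"),
                Rule("NAS-Port-Type", "Async", default=True)],
    response={"Framed-IP-Address": "198.51.100.7", "Session-Timeout": "3600"},
    reject_response={"Reply-Message": "Access denied by realm policy"},
)
```
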


© 2001-2007 XPerience Technologies. www.xperiencetech.com