6.3.2. Radius authentication server

The Radius authentication server allows you to authorize users on Radius servers, i.e. UserGate will be serving as a Radius client. When authorizing via Radius, the UserGate server sends the username and password to a Radius server which, in turn, notifies whether the authentication has been successful or not.

Radius servers cannot provide a property of users to UserGate, so that if you have not registered them in UserGate beforehand (e.g. as local users or via LDAP connector), then you will be able to use only Known (i.e. authorized on a Radius server) or Unknown (failed to authorize on a Radius server) users in your security policies.

To create a new authentication server based on Radius, click Add, select Add RADIUS server and then specify the following parameters:

Name

Description

Enabled

Enables or disables usage of the specified authentication server

Server name

Name of the authentication server

Shared secret

Shared key used by the Radius protocol for authentication

Host

IP address of the Radius server

Port

UDP port on which the Radius server is listening for authentication requests (UDP 1812 by default).

Once the authentication server is created, you should set up the Captive portal for Radius-based authentication. For more details on the Captive portal, please refer to the next chapters of this Guide.