Radware AppDirector – Authentication using RADIUS
Radware AppDirector provides the ability to utilize a RADIUS server for management authentication. For example, we utilize Cisco’s ACS server to manage authentication to Cisco gear and are now using it to manage administrative access to the AppDirector as well. Below are the steps to configure the AppDirector to utilize a RADIUS server.
1. Enable AppDirector to use RADIUS
Security –> Users
The first step is to enable both RADIUS and Local User Table authentication. This is done in the Users table and Authentication page. Change the Authentication Method from “Local User Table” to “Radius and Local User Table”. This instructs the AppDirector to try a RADIUS server first and fall back to the local User Table.
Important: If a RADIUS server is not available, the device uses the User Table to authenticate access. Therefore, at least one user with a read-write access level must be configured in the local User Table to keep the device accessible in the event that the RADIUS servers are unavailable. Please also note that local user accounts can only be used when the RADIUS server is unavailable.
2. RADIUS Parameter Configuration
Services –> Management Interfaces –> Admin RADIUS Authentication
The second step is to configure the RADIUS parameters. This provides the AppDirector with the IP addresses, port number, and authentication password it needs to communicate with the authentication servers. The default port number is 1645. If your RADIUS server is utilizing a different port, be sure to update it here. Lastly, you need to change the Default Authorization to Read-Only. Read-Write access will be granted only to privileged users through the authentication server.
3. Authentication Server Setup
Once the AppDirector is successfully communicating with the authentication server, you’ll need to add the accounts and the proper privileged After the user is successfully authenticated by the authentication server, the AppDirector verifies the privileges of the remote user and authorizes the appropriate access. For this purpose, AppDirector searches for the Service-Type attribute (AVP 6), built into all RADIUS servers, in the Access-Accept response.
- Read-Write (administrator) user privilege is built into all RADIUS servers (Service-Type value 6).
- Read-Only user privilege (Service-Type value 255) has to be defined in the RADIUS dictionary.
Example of a read-only user in FreeRADIUS (the reply item must be indented under the user entry):
User1 Auth-Type := System
	Service-Type = 255
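
To confirm which privilege an account will actually receive, you can decode the Service-Type attribute from the server's Access-Accept yourself. The following is an added example, not Radware or FreeRADIUS code: it verifies the Response Authenticator as defined in RFC 2865 and maps Service-Type 6 and 255 as described above. The function names, the sample packets, and the choice to treat a missing or unrecognized Service-Type as the Default Authorization from step 2 are assumptions.

```python
import hashlib
import hmac
import struct

SERVICE_TYPE = 6                                  # attribute number (AVP 6)
PRIVILEGE = {6: "read-write", 255: "read-only"}   # values given on this page
DEFAULT_AUTHORIZATION = "read-only"   # assumption: step 2 setting is the fallback


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def parse_attributes(data):
    """Yield (type, value) pairs, rejecting truncated or zero-length entries."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data) or not 2 <= data[pos + 1] <= len(data) - pos:
            raise ValueError("malformed attribute")
        yield data[pos], data[pos + 2:pos + data[pos + 1]]
        pos += data[pos + 1]


def privilege_from_accept(packet, request_auth, secret):
    """Return the access level an Access-Accept grants, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(packet[4:20], expected):
        raise ValueError("response authenticator mismatch (wrong shared secret?)")
    for atype, value in parse_attributes(attrs):
        if atype == SERVICE_TYPE and len(value) == 4:
            # Unrecognized values fall back to the default (assumption).
            return PRIVILEGE.get(struct.unpack("!I", value)[0], DEFAULT_AUTHORIZATION)
    return DEFAULT_AUTHORIZATION


def build_accept(ident, attrs, request_auth, secret):
    """Construct a sample Access-Accept (test data, not captured traffic)."""
    auth = response_authenticator(2, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", 2, ident, 20 + len(attrs)) + auth + attrs
```

An authenticator mismatch usually means the shared secret configured on the AppDirector and on the RADIUS server differ, which is worth ruling out before debugging privileges.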