Radware AppDirector – Authentication using RADIUS

Radware AppDirector provides the ability to utilize a RADIUS server for management authentication. For example, we utilize Cisco’s ACS server to manage authentication to Cisco gear and are now using it to manage administrative access to the AppDirector as well. Below are the steps to configure the AppDirector to utilize a RADIUS server.

1. Enable AppDirector to use RADIUS

Security –> Users

The first step is to enable both RADIUS and Local User Table authentication. This is done on the Users table and Authentication page. Change the Authentication Method from “Local User Table” to “Radius and Local User Table”. This instructs the AppDirector to try a RADIUS server first and fall back to the local User Table.

Important: If a RADIUS server is not available, the device uses the User Table to authenticate access. Therefore, at least one user with a read-write access level must be configured in the local User Table to keep the device accessible if the RADIUS servers are unavailable. Please also note that local user accounts can only be used when the RADIUS server is unavailable.

Enable Radius

2. RADIUS Parameter Configuration

Services –> Management Interfaces –> Admin RADIUS Authentication

The second step is to configure the RADIUS parameters. This provides the AppDirector with the IP addresses, port number, and authentication password it needs to communicate with the authentication servers. The default port number is 1645. If your RADIUS server is using a different port, be sure to update it here. Lastly, change the Default Authorization to Read-Only. Read-Write access will then be granted only to privileged users through the authentication server.

Radius Parameters

3. Authentication Server Setup

Once the AppDirector is successfully communicating with the authentication server, you’ll need to add the accounts and the proper privileged  After the user is successfully authenticated by the authentication server, the AppDirector verifies the privileges of the remote user and authorizes the appropriate access. For this purpose, the AppDirector looks for the Service-Type attribute (AVP 6), built into all RADIUS servers, in the Access-Accept response.

  • Read-Write (administrator) user privilege is built into all RADIUS servers (Service-Type value 6).
  • Read-Only user privilege (Service-Type value 255) has to be defined in the RADIUS dictionary.

Example of a read-only user in FreeRADIUS:

User1  Auth-Type := System
       Service-Type = 255
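The privilege mapping described above, as an added example that is not part of the original post or Radware's code: a Python sketch that verifies the Response Authenticator of an Access-Accept (RFC 2865) and reads Service-Type from it, which is useful for checking what your RADIUS server actually returns for a test account. The packets, shared secret, function names, and the treatment of a missing or unrecognized Service-Type as the Read-Only default are assumptions.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
SERVICE_TYPE = 6    # attribute number of Service-Type (AVP 6)
PRIVILEGES = {6: "read-write", 255: "read-only"}  # values named on this page


def build_accept(ident, request_auth, secret, service_type=None):
    """Build a constructed Access-Accept, optionally carrying Service-Type."""
    attrs = b""
    if service_type is not None:
        attrs = struct.pack("!BBI", SERVICE_TYPE, 6, service_type)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def privilege_from_accept(packet, request_auth, secret, default="read-only"):
    """Check the Response Authenticator, then map Service-Type to a privilege."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch (shared secret?)")
    pos = 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, alen = attrs[pos], attrs[pos + 1]
        if atype == SERVICE_TYPE and alen == 6:
            value = struct.unpack("!I", attrs[pos + 2:pos + 6])[0]
            # Assumption: an unrecognized value falls back to the default.
            return PRIVILEGES.get(value, default)
        pos += alen
    return default  # assumption: no Service-Type means Default Authorization


if __name__ == "__main__":
    secret, req_auth = b"constructed-secret", bytes(range(16))  # constructed sample
    for st in (6, 255, None):
        pkt = build_accept(1, req_auth, secret, st)
        print(st, "->", privilege_from_accept(pkt, req_auth, secret))
```
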

About The Author

Bryan Krausen

Bryan Krausen is currently working as a Sr. Solutions Architect with experience in a vast number of platforms, specializing in AWS and HashiCorp tools.
