You can integrate Indeni and an external RADIUS server in your environment and also leverage the RADIUS authentication for user access bypassing the local authentication provided by Indeni.
Indeni supports a single integration with RADIUS. You can either use LDAP or RADIUS integration as your centralized authentication mechanism. Enabling RADIUS integration means all users will be considered as “RADIUS” users, with the exception for username=admin.
Please Note: This feature is available in version 7.4 or later, and it only supports the PAP method.
To configure RADIUS integration, perform the following steps:
- Navigate to Settings > Integrations, select RADIUS from the ADD NEW INTEGRATIONS drop down menu.
- Provide the Host Address.
- Enter the Port used for RADIUS server authentication. By default, the UDP port is 1812.
- Enter the Shared secret.
- Enter the temporary user name for the purpose of testing the connection to the RADIUS server. This will not be stored in Indeni.
- Enter the password. The password is used for testing the connection and it will not be stored.
- Select a default role. New users will be assigned the default role. To support a different role, you can define the user as a local user for the purpose of associating a role other than the default role. The username defined in Indeni must match the username in the RADIUS repository.
If RADIUS is configured and it is active, Indeni will forward all authentication requests to the RADIUS server. Indeni does not store the passwords locally. If the RADIUS server does not successfully authenticate the username and password, access is not granted even though the username is in the local database.
When a new user attempts to log in for the first time, Indeni does not have the username in its local database. Indeni forwards the request to the RADIUS server for authentication and authorization. If the request is accepted, Indeni adds the new user to its local database and assigns the user the default role.
When an existing user logs in to Indeni, Indeni forwards the request to the RADIUS server for authentication and authorization. If the request is accepted, Indeni retrieves the role for that user from its local database instead of using the default role. In other words, the only change from an existing user perspective is the password.