How To Setup RADIUS Authentication Groups Between Blue Coat ProxySG And FreeRADIUS


Article ID: 166484


Products

ProxySG Software - SGOS

Issue/Introduction

FreeRADIUS

 

1.     Download and install FreeRADIUS from http://www.freeradius.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1 (Win32) or http://freeradius.org/getting.html (source code). The examples below assume the default installation directory.

 

2.     Edit the C:\FreeRADIUS.net\etc\raddb\dictionary file with WordPad and add the following line after the existing $INCLUDE line:

$INCLUDE       ../share/freeradius/dictionary.bluecoat

 

Before:

$INCLUDE       ../share/freeradius/dictionary

 

After:

$INCLUDE       ../share/freeradius/dictionary

$INCLUDE       ../share/freeradius/dictionary.bluecoat

 

3.     Save the file.

4.     Copy the dictionary.bluecoat file from the Attachment section into C:\FreeRADIUS.net\share\freeradius.

5.     Edit C:\FreeRADIUS.net\etc\raddb\clients.conf with WordPad and create the following entry:

 

client 10.10.10.10 {
        secret          = secret64
        shortname       = ProxySG64
}

 

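Replace 10.10.10.10 with the IP address of your Blue Coat ProxySG. The secret is the RADIUS shared secret and must match the Secret entered in the ProxySG RADIUS realm below; secret64 is the example value used throughout this article. Refer to the clients.conf in the Attachment section for an example.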

 

6.     Edit C:\FreeRADIUS.net\etc\raddb\users.conf with WordPad and create the following entries for testing purposes:

 

#admin1 is an Administrator only
admin1          User-Password == "pass1"
                Blue-Coat-Group += "BCadmin"

#admin2 is an Administrator and FTP user
admin2          User-Password == "pass2"
                Blue-Coat-Group += "BCadmin",
                Blue-Coat-Group += "FTP"

#ftpuser1 is an FTP user only
ftpuser1        User-Password == "ftppass1"
                Blue-Coat-Group += "FTP"

 

Refer to users.conf in the Attachment section for an example.

 


Blue Coat ProxySG

 

  1. Go to the ProxySG’s Management Console->Configuration->Authentication->RADIUS section and create a new RADIUS Realm.
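  2. Use the following entries. Primary server host is the address of the FreeRADIUS server, and Secret must be the same value as the secret in clients.conf: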

Realm name: RADIUS_realm

Primary server host: 10.105.1.65

Secret: secret64

Confirm secret: secret64


 

  3. Click OK and Apply.

  4. Go to the Management Console->Configuration->Policy->Visual Policy Manager. Click Launch. You will be brought to the VPM.

  5. Click Policy->Add Admin Authentication Layer->OK

  6. Right-click on the column under Action and choose Set.



 

7. Click New->Authenticate


8. Click OK and OK again.




 

9. Click Policy->Add Admin Access Layer->OK


An Admin Access Layer tab will be created.


 

10. Right-click on the Deny column under Action and choose Allow Read/Write Access.



 

11. Right-click on the column below Source and choose Set



 

12. Click New->Group. Enter “BCadmin” as the name of the group.



 

13. Click OK and OK again.


 

14. Users with the Blue-Coat-Group attribute defined as “BCadmin” will have read/write administrative access to the ProxySG.


 

15. Click Policy->Add Web Authentication Layer->OK.


A Web Authentication Layer tab will be created.


 

16. Right-click on the column below Action and choose Set. Click New->Authenticate



 

17. A dialog is displayed. Click OK and OK again.



 

18. Click Policy->Add Web Access Layer->OK


The Web Access Layer tab will be created.


 

19. Right-click on the column below Action and choose Allow.



 

20. Right-click on the column below Source and choose Set.



 

21. Click New->Group



 

22. Enter FTP as the name of the group.



 

23. Click OK and OK.



 

24. Right-click on the column below Service and choose Set.



 

25. Click New->Client Protocol



 

26. Choose FTP and All FTP.



 

27. Click OK and OK and you will be brought back to the main VPM screen.


 

28. Click “Install Policy”.

 

29. This example shows how the Blue-Coat-Group RADIUS attribute can be used to group users together. Users admin1 and admin2 will be able to access the Management Console with their RADIUS account. Users admin2 and ftpuser1 will be able to use the Proxy for FTP.
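To check a users file against the outcome described in step 29 before relying on it, the entries can be parsed and each user's Blue-Coat-Group values compared with the group names used in the policy layers. The script below is an added example, not part of the original article or its attachments; the sample text is constructed from the step 6 entries, and the POLICY table and function names are assumptions made for illustration.

```python
import re
# Constructed sample: the step 6 test entries in FreeRADIUS users-file syntax.
SAMPLE_USERS = '''\
#admin1 is an Administrator only
admin1    User-Password == "pass1"
          Blue-Coat-Group += "BCadmin"

#admin2 is an Administrator and FTP user
admin2    User-Password == "pass2"
          Blue-Coat-Group += "BCadmin",
          Blue-Coat-Group += "FTP"

#ftpuser1 is an FTP user only
ftpuser1  User-Password == "ftppass1"
          Blue-Coat-Group += "FTP"
'''

# Group names matched by the Admin Access and Web Access layers in this article.
POLICY = {"BCadmin": "admin read/write", "FTP": "FTP via proxy"}
GROUP_RE = re.compile(r'Blue-Coat-Group\s*(?:\+=|:=|=)\s*"([^"]*)"')

def parse_groups(text):
    """Return {username: set of Blue-Coat-Group reply values}."""
    groups, user = {}, None
    for line in text.splitlines():
        if not line.strip():
            user = None                      # a blank line ends the entry
        elif line.lstrip().startswith("#"):
            continue                         # comment line
        elif not line[0].isspace():
            user = line.split()[0]           # entry header: name + check items
            groups[user] = set()
        elif user is not None:               # indented line: reply items
            groups[user].update(GROUP_RE.findall(line))
    return groups

def audit(text):
    """Return (access per user, group values no policy layer matches)."""
    access, unmatched = {}, {}
    for user, grps in parse_groups(text).items():
        access[user] = sorted(POLICY[g] for g in grps if g in POLICY)
        extra = sorted(g for g in grps if g not in POLICY)
        if extra:
            unmatched[user] = extra          # e.g. a misspelled group name
    return access, unmatched

if __name__ == "__main__":
    for user, rights in audit(SAMPLE_USERS)[0].items():
        print(f"{user}: {', '.join(rights) or 'no access'}")
```

A non-empty second return value from audit() points at a group value that neither the Admin Access nor the Web Access layer will match, which usually means a typo in the users file or in the VPM group object.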

Attachments

Attachments.zip