FreeRADIUS
1. Download and install FreeRADIUS from http://www.freeradius.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1 (Win32) or http://freeradius.org/getting.html (Source code). The example below will be based on the default installation directory/folder.
2. Edit the C:\FreeRADIUS.net\etc\raddb\dictionary file with WordPad.
Enter the line: $INCLUDE ../share/freeradius/dictionary.bluecoat
Before:
$INCLUDE ../share/freeradius/dictionary
After:
$INCLUDE ../share/freeradius/dictionary
$INCLUDE ../share/freeradius/dictionary.bluecoat
3. Save the file.
4. Copy the dictionary.bluecoat file from the Attachment section into C:\FreeRADIUS.net\share\freeradius.
5. Edit C:\FreeRADIUS.net\etc\raddb\clients.conf with WordPad and create the following entry:
client 10.10.10.10 {
    secret = secret64
    shortname = ProxySG64
}
Replace 10.10.10.10 with the IP address of your Blue Coat ProxySG. The secret must match the Secret entered for the RADIUS realm on the ProxySG. Refer to the clients.conf in the Attachment section for an example.
6. Edit C:\FreeRADIUS.net\etc\raddb\users.conf with WordPad and create the following entries for testing purposes:
#admin1 is an Administrator only
admin1 User-Password == "pass1"
    Blue-Coat-Group += "BCadmin"
#admin2 is an Administrator and FTP user
admin2 User-Password == "pass2"
    Blue-Coat-Group += "BCadmin",
    Blue-Coat-Group += "FTP"
#ftpuser1 is an FTP user only
ftpuser1 User-Password == "ftppass1"
    Blue-Coat-Group += "FTP"
Refer to users.conf in the Attachment section for an example.
Blue Coat ProxySG
Realm name: RADIUS_realm
Primary server host: 10.105.1.65
Secret: secret64
Confirm secret: secret64
7. Click New->Authenticate.
8. Click OK and OK again.
9. Click Policy->Add Admin Access Layer->OK
An Admin Access Layer tab will be created.
10. Right-click on the Deny column under Action and choose Allow Read/Write Access.
11. Right-click on the column below Source and choose Set.
12. Click New->Group. Enter “BCadmin” as the name of the group.
13. Click OK and OK again and you will see the following screen.
14. Users with the Blue-Coat-Group attribute defined as “BCadmin” will have read/write administrative access to the ProxySG.
15. Click Policy->Add Web Authentication Layer->OK.
A Web Authentication Layer tab will be created.
16. Right-click on the column below Action and choose Set. Click New->Authenticate.
17. The screen below will be brought up.
Click OK and OK again and you will get the following screen.
18. Click Policy->Add Web Access Layer->OK.
The Web Access Layer tab will be created.
19. Right-click on the column below Action and choose Allow.
20. Right-click on the column below Source and choose Set.
21. Click New->Group.
22. Enter FTP as the name of the group.
23. Click OK and OK.
24. Right-click on the column below Service and choose Set.
25. Click New->Client Protocol.
26. Choose FTP and All FTP.
27. Click OK and OK and you will be brought back to the main VPM screen.
28. Click “Install Policy”.
This example shows how the Blue-Coat-Group RADIUS attribute can be used to group users together. Users admin1 and admin2 will be able to access the Management Console with their RADIUS account. Users admin2 and ftpuser1 will be able to use the Proxy for FTP.
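The following is an added example, not part of the original article or of FreeRADIUS or Blue Coat tooling: a small audit script that parses users-file entries like those in step 6 and reports which accounts end up with Management Console or FTP access under the policy built above. The function names and the GRANTS table are assumptions made for illustration; reply items are only attached to a user when they are indented, because a line starting in column 0 begins a new entry.

```python
import re
from collections import defaultdict

# Constructed sample: the three test entries from step 6, with reply
# items indented so they belong to the user on the line above them.
USERS = '''\
#admin1 is an Administrator only
admin1 User-Password == "pass1"
    Blue-Coat-Group += "BCadmin"
#admin2 is an Administrator and FTP user
admin2 User-Password == "pass2"
    Blue-Coat-Group += "BCadmin",
    Blue-Coat-Group += "FTP"
#ftpuser1 is an FTP user only
ftpuser1 User-Password == "ftppass1"
    Blue-Coat-Group += "FTP"
'''

# Assumed summary of this article's VPM policy: group -> access granted.
GRANTS = {
    "BCadmin": "Management Console read/write",
    "FTP": "FTP through the proxy",
}
ITEM = re.compile(r'Blue-Coat-Group\s*(?:\+=|:=|=)\s*"([^"]*)"')

def groups_by_user(text):
    """Map each user to the Blue-Coat-Group values in its reply items."""
    groups, user = defaultdict(list), None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                   # blank line or comment
        if raw[0] in " \t":            # indented: reply item of current entry
            if user is None:
                raise ValueError("reply item before any user: " + raw)
            groups[user] += ITEM.findall(raw)
        else:                          # column 0: a new entry starts here
            user = raw.split()[0]
            groups[user]               # register users that have no group
    return dict(groups)

def access_report(text):
    """Map each user to the sorted list of access the policy would grant."""
    return {u: sorted(GRANTS[g] for g in gs if g in GRANTS)
            for u, gs in groups_by_user(text).items()}

if __name__ == "__main__":
    for user, access in access_report(USERS).items():
        print(user, "->", access or "no access")
```

Running it against your own users file before installing the policy gives a quick list of every account that would receive the BCadmin group.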