Loading...
 

SysAdmin Blog

RADIUS authorization on an ATEN SN0116 serial console server

Alexander Bochmann Friday 07 of March, 2014
For several days I've been puzzled by the documentation for RADIUS authorization on an ATEN Altusen SN0116 serial console server (cache), using Windows NPS as RADIUS server. The ATEN docs unhelpfully state, "On the RADIUS server, set the access rights for each user according to the attribute information in the table, below" - and then there's a list of flags that specify the authorization options.

The docs fail to mention in which RADIUS attribute these authorization flags are supposed to be returned to the console server, though.

After some twiddling, it turns out that the flags should to be placed (in Microsoft NPS terms) as string into a vendor-specific attribute with vendor-code 0 and vendor-attribute 0. Additionally, if the RADIUS policy configuration contains several vendor-specific attributes, it seems that the ATEN device only parses the first one that's returned by the server.

NPS configuration to make this work looks something like this:

MS NPS RADIUS configuration for ATEN serial console server
MS NPS RADIUS configuration for ATEN serial console server