Configuring AAA Servers

To configure Unleashed to authenticate users against an external Active Directory or RADIUS authentication server:

  1. Go to Admin & Services > Services > AAA Servers.
  2. In Authentication Servers, click Create New.
  3. Select the server type:
    • Active Directory: If you use a Microsoft AD server, configure the following settings:
      • Global Catalog: Enable Global Catalog for multi-domain AD authentication. If this option is enabled, you must also enter an Admin DN and Password so that Unleashed can query the Global Catalog.
      • Encryption: select Enable TLS encryption if you want to encrypt all authentication traffic between the client and the Active Directory server. The AD server must support TLS1.0/TLS1.1/TLS1.2.
      • IP Address: Enter the IP address of the AD server.
      • Port: The default port number (3268, or 636 if you have enabled TLS encryption) should not be changed unless you have configured your AD server to use a different port.
      • Windows Domain Name: Enter a domain name for single domain authentication, or leave blank for multi-domain authentication.
    • RADIUS: If your authentication server is a RADIUS server, configure the following settings:
      • Encryption: If you want to enable encryption of RADIUS packets using Transport Layer Security (TLS), select the Enable TLS encryption check box. This allows RADIUS authentication and accounting data to be passed safely across insecure networks such as the Internet.
      • Auth Method: Choose PAP or CHAP according to the authentication protocol used by your RADIUS server.
      • Backup RADIUS: If a backup RADIUS or RADIUS Accounting server is available, enable the check box next to Backup RADIUS and additional fields appear. Enter the relevant information for the backup server and click OK. When you have configured both a primary and backup RADIUS server, an additional option will be available in the Test Authentication Settings section to choose to test against the primary or the backup RADIUS server.
      • IP Address: Enter the IP address of the RADIUS server (and backup RADIUS server, if enabled).
      • Port: The default port (1812) should not be changed unless you have configured your RADIUS server to use a different port.
      • Shared Secret: Enter a password for communication between Unleashed and the RADIUS server.
      • Confirm Secret: Repeat the shared secret.
      • Retry Policy: Enter a Request Timeout value (in seconds) and a Max Number of Retries value in the relevant fields.
  4. Click OK to save your AAA server entry.

The AAA Servers page

Microsoft Active Directory server configuration

RADIUS server configuration