Scope:
This solution applies to Barracuda SSL VPN models 380 and above, all firmware versions.
Answer:
The RADIUS authentication module enables the Barracuda SSL VPN to authenticate users against an external RADIUS server, and can be used as a primary module in an authentication scheme.
Before the RADIUS module can be configured as a part of an authentication scheme, you must configure the details of your RADIUS server. To configure your RADIUS server, navigate to Access Control > Configuration and scroll down to the section entitled RADIUS. Below are the available configuration options.
- RADIUS Server: The host name or IP address of the RADIUS server. This can be localhost, or a remote server.
- Authentication Port: This is the port number stipulated for the RADIUS authentication process. It must be a valid integer port between 0 and 65536. The default (1812) is usual for standard RFC compliant radius servers. Both this and the accounting port must be open between the RADIUS server and the connecting client.
- Accounting Port: This is the port number stipulated for the RADIUS accounting process. It must be a valid integer port between 0 and 65536. The default (1813) is usual for standard RFC compliant radius servers. Both this and the authentication port must be open between the RADIUS server and the connecting client.
- Shared Secret: The RADIUS shared secret which has been set up on the RADIUS server.
- Authentication Method: If your server does not use a specific authentication method, this value is ignored. The only methods that are currently supported in this configuration are PAP, CHAP, MSCHAP and MSCHAPv2
- Time Out: The timeout for a RADIUS message.
- Authentication Retries: The number of retries for a RADIUS message.
- RADIUS Attributes: The RADIUS attributes required to execute the request.
- Username Case: Setting that defines what case the username is sent to the RADIUS server. Options are to leave as entered, force to upper case or force to lower case.
- Expect Challenge: Expect an initial challenge from the RADIUS server (i.e. user does not provide password prior to first RADIUS Access request)
- Navigate to Access Control > Authentication Schemes.
- Under the Create Scheme header, provide a Name.
- Select RADIUS and click the upper Add > button to move it to the box entitled Selected Modules.
- Select the relevant policy(ies) and click the lower Add > button to move it to the box entitled Selected Policies.
- Click the Add button. Your RADIUS authentication scheme is now available to be used by those users who are members of the selected policy(ies).
https://campus.barracuda.com/solution/50160000000HZG9AAO