This solution applies to Barracuda SSL VPN models 380 and above, all firmware versions.
The RADIUS authentication module enables the Barracuda SSL VPN to authenticate users against an external RADIUS server, and can be used as a primary module in an authentication scheme.
Before the RADIUS module can be configured as a part of an authentication scheme, you must configure the details of your RADIUS server. To configure your RADIUS server, navigate to Access Control > Configuration and scroll down to the section entitled RADIUS. Below are the available configuration options.
- RADIUS Server: The host name or IP address of the RADIUS server. This can be localhost, or a remote server.
- Authentication Port: This is the port number stipulated for the RADIUS authentication process. It must be a valid integer port between 0 and 65536. The default (1812) is usual for standard RFC compliant radius servers. Both this and the accounting port must be open between the RADIUS server and the connecting client.
- Accounting Port: This is the port number stipulated for the RADIUS accounting process. It must be a valid integer port between 0 and 65536. The default (1813) is usual for standard RFC compliant radius servers. Both this and the authentication port must be open between the RADIUS server and the connecting client.
- Shared Secret: The RADIUS shared secret which has been set up on the RADIUS server.
- Authentication Method: If your server does not use a specific authentication method, this value is ignored. The only methods that are currently supported in this configuration are PAP, CHAP, MSCHAP and MSCHAPv2
- Time Out: The timeout for a RADIUS message.
- Authentication Retries: The number of retries for a RADIUS message.
- RADIUS Attributes: The RADIUS attributes required to execute the request.
- Username Case: Setting that defines what case the username is sent to the RADIUS server. Options are to leave as entered, force to upper case or force to lower case.
- Expect Challenge: Expect an initial challenge from the RADIUS server (i.e. user does not provide password prior to first RADIUS Access request)
- Navigate to Access Control > Authentication Schemes.
- Under the Create Scheme header, provide a Name.
- Select RADIUS and click the upper Add > button to move it to the box entitled Selected Modules.
- Select the relevant policy(ies) and click the lower Add > button to move it to the box entitled Selected Policies.
- Click the Add button. Your RADIUS authentication scheme is now available to be used by those users who are members of the selected policy(ies).