RADIUS External Authentication
This chapter describes how to set up Remote Authentication Dial In User Service (RADIUS) external authentication.
Overview
Genesys Configuration Server supports all versions of RADIUS, an industry standard for authentication. The architectural schema is identical to the one shown in Authentication Architecture Involving an External System, where a RADIUS server acts as a third-party authentication server.
To set up RADIUS:
- Deploy the RADIUS module during installation of Configuration Server.
- Modify the RADIUS configuration files.
Starting in release 7.5, Configuration Server external authentication supports multiple RADIUS servers. The active, or responding, authentication server is used for authorization of all subsequent clients. When this server does not respond, the next server in the list (of servers, as specified in the servers file) is tried, and if it responds, it becomes the active authentication server. This process continues sequentially through the list of authentication servers.
Starting in release 8.0, RADIUS messages concerning the success and failure of each RADIUS authentication attempt are relayed from the RADIUS server back through Configuration Server for display to the end user.
In geographically distributed systems prior to release 8.0, RADIUS external authentication was configured only on the Master Configuration Server, and each Configuration Server Proxy passed authentication requests to it. Starting in release 8.0, RADIUS External Authentication can be configured on the Master Configuration Server and on each Configuration Server Proxy. Therefore, each Configuration Server Proxy can process authentication requests itself, and not pass them on to the Master Configuration Server.