View Attach (11) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
jar
 bcprov-ext-jdk15on-1.65.jar 4,530.4 kB 1 22-Apr-2024 17:39 Ben Spink
jpg
 rad1.jpg 108.6 kB 3 10-Oct-2024 18:09 Ada Csaba
jpg
 rad11.jpg 108.6 kB 1 10-Oct-2024 18:12 Ada Csaba
jpg
 rad2.jpg 154.7 kB 1 10-Oct-2024 14:31 Ada Csaba
jpg
 rad22.jpg 190.6 kB 1 10-Oct-2024 18:13 Ada Csaba
jpg
 rad23.jpg 142.7 kB 1 10-Oct-2024 18:18 Ada Csaba
jpg
 rad24.jpg 154.0 kB 1 10-Oct-2024 18:36 Ada Csaba
jpg
 rad31.jpg 50.7 kB 1 10-Oct-2024 19:01 Ada Csaba
jpg
 rad32.jpg 72.6 kB 1 10-Oct-2024 19:01 Ada Csaba
jpg
 rad4.jpg 403.8 kB 1 10-Oct-2024 19:19 Ada Csaba
png
 radius.png 42.9 kB 1 05-Dec-2023 05:32 Ben Spink

This page (revision-51) was last changed on 11-Oct-2024 07:36 by Ada Csaba

This page was created on 05-Dec-2023 05:32 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 3 changed one line
The Radius plugin lets you validate authentication against a Radius server. This plugin is only enabled for Enterprise users. You can set the authentication type to use, the host information, and port information for the authentication process. The RADIUS protocol itself and related terms __[are well documented|https://en.wikipedia.org/wiki/RADIUS]__ (external link), outside the purpose of this wiki.\\
The Radius plugin lets you validate authentication against a Radius server. This plugin is only enabled for Enterprise users. You can set the authentication type to use, the host information, and port information for the authentication process.\\
The RADIUS protocol itself and related terms __[are well documented|https://en.wikipedia.org/wiki/RADIUS]__ (external link), outside the purpose of this wiki.\\
At line 8 changed one line
;term:definition text
[{Image src='rad11.jpg' width='1440' height='..' align='left' style='..' class='..' }]
\\
At line 14 changed 7 lines
NAS-Port-Type := Ethernet
;Retries:
;Timeout (s):
Shared Secret:
;Retries: sets the number of retries in case of failing to connect to the specified RADIUS server.
;Timeout (s): sets the connection timeout for the connection to the RADIUS server.
;Shared Secret: the RADIUS shared secret. The term is usually same for all RADIUS implementations.\\
!IMPORTANT: The __NAS-Port-Type__ attribute is hard coded to "__Ethernet__".\\
At line 22 changed one line
[{Image src='rad1.jpg' width='1440' height='..' align='left' style='..' class='..' }]
The mid section of the plugin panel allows setting the user directory (home directory) access options. Some form of directory access must be configured, otherwise the plugin will deny access even if the credentials validate successfully.\\
At line 24 changed 3 lines
[{Image src='rad2.jpg' width='1440' height='..' align='left' style='..' class='..' }]
[{Image src='rad24.jpg' width='1440' height='..' align='left' style='..' class='..' }]
\\
;Username to use as template (except directory access): the plugin-wide inheritance template user name. Usually "__default__". Various user customizations can be inherited from. In the chain of user inheritance, it has lowest prevalence.
;Radius only used for Authentication (User manager then defines user's access.): per user template mode or local home directory mode. When the checkbox is __set__, will need to create for each RADIUS user a matching user name un User Manager (local per user template account). VFS directory access arious user customizations can be inherited from.In the chain of inheritance, the local template has highest prevalence.
;:When the checkbox is __un-set__, the various home directory settings are revealed. The plugin will grant individual home directories automatically at login time.
;Home folder location: the common root directory path for all automatic RADIUS user directories.
;Directory Permissions: set of virtual permission flags.
;Use local folder if HomeDirectory not found?: long standing GUI bug, ignored
;Append username to path?: toggles the use of the user name as the user directory name. When off, all users will access the common root path under __Home folder location__
;Create folder with username: toggles creation of the per user home directory automatically. When off, it needs to be created manually or the plugin denies login to all users who don't have a home directory already.
;Create additional subfolders in home directory: allows creation of a set of subdirectories, with various permissions, under each user's own working(home) directory.
;Advanced: can set up PGP file cryptography and CrushSync here.
\\
The end section allows mapping of RADIUS user groups as Roles, based on the __Filter-Id__ attribute value returned by the RADIUS server for each user object.\\
[{Image src='rad31.jpg' width='1440' height='..' align='left' style='..' class='..' }]\\
The management buttons allow to add, remove and move around role filters.\\
[{Image src='rad32.jpg' width='1440' height='..' align='left' style='..' class='..' }]\\
\\
Roles have two components, the role name added in the __Enter Role__ field and an optional __Role Template__ account name. The role name string is matched exactly against the Filter-Id attribute value.\\
The role template account is a local user in User Manager, from which various customizations, like per-group (per-role) common working directory is inherited. In the chain of inheritance, it has middle prevalence, higher than the global plugin template user ( set as __Username to use as template__) but lower than per-user local templates ( when using __Radius only used for Authentication__ ).\\
Unlike with other integration plugins, roles are for inheritance only, a non-matching rule does not deny login. In case of multiple role membership inheritance __does not__ cumulate. For such a user account with multiple role membership, the last role in the list will have highest prevalence.\\
\\
!Debugging:
At Debug level 2 and the Debug checkbox enabled on the plugin panel, we log all RADIUS chat in CrushFTP.log.
[{Image src='rad4.jpg' width='1440' height='..' align='left' style='..' class='..' }]\\
Version Date Modified Size Author Changes ... Change note
51 11-Oct-2024 07:36 5.279 kB Ada Csaba to previous
50 10-Oct-2024 19:20 5.258 kB Ada Csaba to previous | to last
49 10-Oct-2024 19:18 5.259 kB Ada Csaba to previous | to last
48 10-Oct-2024 19:17 5.174 kB Ada Csaba to previous | to last
47 10-Oct-2024 19:15 5.041 kB Ada Csaba to previous | to last
46 10-Oct-2024 19:15 5.041 kB Ada Csaba to previous | to last
45 10-Oct-2024 19:11 4.852 kB Ada Csaba to previous | to last
44 10-Oct-2024 19:06 4.281 kB Ada Csaba to previous | to last
43 10-Oct-2024 19:05 4.194 kB Ada Csaba to previous | to last
42 10-Oct-2024 19:03 4.041 kB Ada Csaba to previous | to last
41 10-Oct-2024 19:01 3.878 kB Ada Csaba to previous | to last
« This page (revision-51) was last changed on 11-Oct-2024 07:36 by Ada Csaba
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
Enterprise License Enhancements
LeftMenu

JSPWiki