How to configure RADIUS authentication
You can add existing RADIUS users to the firewall. To do this, you add a RADIUS server and set the primary authentication method.
Note
The settings we specify in this document are examples. For more detailed information on RADIUS server settings, see Add a RADIUS server.
Objectives
When you complete this unit, you'll know how to do the following:
- Add and configure a RADIUS server on the firewall.
- Set the primary authentication method so that the firewall queries the RADIUS server first.
Add a RADIUS server
Add a RADIUS server that includes a shared secret and group name attribute.
You’ll need the following information to complete this task:
- RADIUS server shared secret
- RADIUS server group name attribute

- Go to Authentication > Servers and click Add.
- Specify the settings.
  Note
  For settings not listed here, use the default value.
  Use the shared secret and group name attribute that are configured on the RADIUS server.
  The settings below are examples.

  | Option | Value |
  | --- | --- |
  | Server type | RADIUS server |
  | Server name | SF_RADIUS |
  | Server IP | 192.168.1.102 |
  | Authentication port | 1812 |
  | Time-out | 3 seconds |
  | Enable accounting | Yes |
  | Accounting port | 1813 |
  | Shared secret | <RADIUS server shared secret> |
  | Group name attribute | <RADIUS server group name attribute> |
- Click Test connection to validate the user credentials and check the connection to the server.
- Click Save.
Set primary authentication method
To query the RADIUS server first, you set it as the primary authentication method. When users sign in to the firewall for the first time, they're automatically added as a member of the default group specified.
- Go to Authentication > Services.
- In the authentication server list, select SF_RADIUS.
- Move the server to the first position in the list of selected servers.
- Click Apply.
Test the configuration by signing in through the captive portal with user credentials from the RADIUS server. You can access the captive portal at https://<IP address of Sophos Firewall>:8090.