RADIUS Configuration Properties

The RADIUS login provider (com.sybase.security.radius.RadiusLoginModule) provides authentication services only. Configure the RADIUS login provider by setting properties in the <installation directory>\EAServer\Repository\CSI\conf\default.xml file.

Property Default value Description
Authentication method PAP The authentication method to be used. Set the method to:
  • PAP if you need RADIUS to authenticate via a name and a password. This identity is validated against a database or in the remote security server database.
  • CHAP if you need RADIUS to authenticate via a challenge and response.
Shared secret None The secret shared between the RADIUS server and the host where the login module is executed.
RadiusServerHostName None The name of the host to connect to the RADIUS server.
RadiusServerAuthPort 1812 The RADIUS server authentication port.
MaxChallenges 3 In case of a challenge from RADIUS server, the maximum number of challenge prompts propagated to the client.
ErrorMsgMapping.[index].regex None The regular expression to match a RADIUS server error message.

For example:

ErrorMsgMapping.1.regex=someRegEx

ErrorMsgMapping.1.failureCode=failureCodeValue

The properties with the same index map someRegEx to the failureCodeValue. The index is used only to map the regular expression to the failure code. It does not signify the order in which the regular expressions are used to match the RADIUS server error message. The order in which the regular expressions are defined determines the order in which they are used. The index can also be a string value as follows:

ErrorMsgMapping.map.regex=someRegEx2

ErrorMsgMapping.map.failureCode= failureCodeValue2
ErrorMsgMapping.[index].failureCode None The error code that a regular expression specified with the same index maps to. The failure code can be specified as an integer or a string. If a string value is specified, it should correspond to the constant defined in com.sybase.security.core.AuthenticationFailureWarning with the prefix FAILURE_CODE.

1,15, ACCOUNT_LOCKED, PASSWORD_EXPIRED are all valid values. If an invalid value is specified, the corresponding regular expression is ignored.

caseSensitiveMatching false The case-sensitive matching to be used when matching the RADIUS server error messages using the regular expressions.
Parent topic: RADIUS Security
Related concepts
LDAP Security
RADIUS Security
Certificate Security
Native Basic Provider Suite Security
Related tasks
Installing the jradius-client
Delegating EAServer Security to a Third-Party Provider
Related reference
Example: RADIUS Security Configuration

Send your feedback on this help topic to Sybase Technical Publications: pubs@sybase.com

Your comments will be sent to the technical publications staff at Sybase, Inc. For product-related issues or technical support, contact Sybase Technical Support at 1-800-8SYBASE.