APPENDIX C: RADIUS SERVER SETTINGS 67
RADIUS Attributes Generated by Dominion KSX
Dominion KSX sends the following RADIUS attributes to the RADIUS server with each access request:
ATTRIBUTE DATA
USER-NAME The user name entered at the login screen.
USER-PASSWORD In PAP mode, the encrypted password entered at the login screen.
CHAP-PASSWORD In CHAP mode, the CHAP protocol response computed from the password and the CHAP
challenge data.
NAS-IP-ADDRESS Dominion KSX’s IP Address
NAS-IDENTIFIER If the Dominion KSX unit’s name, entered at the Dominion KSX Admin Console on the Network
Configuration screen, is left to the default name “Dominion KSX,” then the identifier will simply be
“Dominion KSX”. If another name is entered as an alternative to the default name “Dominion
KSX,” then the identifier will be “Dominion KSX.<name>” where <name> represents the
alternative name entered on the Network Configuration screen.
NAS-PORT-TYPE The value ASYNC (0) for modem connections and ETHERNET (15) for network connections.
NAS-PORT Always 0.
STATE If this request is in response to a ACCESS-CHALLENGE, the state data from the ACCESS-
CHALLENGE packet will be returned.
PROXY-STATE If this request is in response to a ACCESS-CHALLENGE, the proxy state data from the ACCESS-
CHALLENGE packet will be returned.
Dominion KSX sends the following RADIUS attributes to the RADIUS server with each accounting request:
ATTRIBUTE DATA
SESSION-TYPE Either START (1) for log in or STOP (2) for log out.
SESSION-ID A string containing a unique session name. The name is in the format of “<NAS-
IDENIFIER>:<user IP address>:<number>” where <NAS-IDENTIFER> is the string from the
NAS-IDENTIFIER attribute, <user IP address> is the IP address of the user’s remote PC, and
<number> is a unique sessions number. Example: “Dominion KSX:192.168.1.100:122”
USER-NAME The user name entered at the login screen.
NAS-IP-ADDRESS Dominion KSX’s IP Address
NAS-IDENTIFIER If the Dominion KSX unit’s name, entered at the Dominion KSX Admin Console on the Network
Configuration screen, is left to the default name “Dominion KSX,” then the identifier will simply be
“Dominion KSX”. If another name is entered as an alternative to the default name “Dominion
KSX,” then the identifier will be “Dominion KSX.<name>” where <name> represents the
alternative name entered on the Network Configuration screen.
NAS-PORT-TYPE The value ASYNC (0) for modem connections and ETHERNET (15) for network connections.
NAS-PORT Always 0.
FILTER-ID Any FILTER-ID attributes returned by the RADIUS server during authentication will be sent in
each accounting request.
CLASS Any CLASS attributes returned by the RADIUS server during authentication will be sent in each
accounting request.
ACCT-AUTHENTIC How the user was authenticated. Either RADIUS (1) if the user was authenticated by the RADIUS
server or LOCAL (2) if the user was authenticated by Dominion KSX’s built-in user name database.
TERMINATE-CAUSE If this is a STOP request, the reason the user was terminated. Either USER_REQUEST (1),
LOST_SERVICE (3), SESSION_TIMEOUT (5), or ADMIN_RESET (6).
