Sophos NAC ADVANCED 3.0 Configuration Manual

p

Configuring Steel-Belted RADIUS Proxy to Send
Grou

Attributes

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes

Copyright 2007 Sophos Group. All rights
reserved. No part of this publication
may be reproduced, stored in retrieval
system, or transmitted, in any form or
by any means electronic, mechanical,
photocopying, recording or otherwise
unless you are either a valid licensee
where the documentation can be
reproduced in accordance with the license
terms or you otherwise have the prior
permission in writing of the copyright
owner.

All other product and company names
are trademarks or registered trademarks
of their respective owners.

Document version 3.0
Published July 2007

2

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes

Table of Contents

About this Document.....................................................................................................................4

Configuring the Steel-Belted RADIUS Proxy.................................................................................4

Using the Sophos NAC Agent.....................................................................................................15

3

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes

About this Document

The purpose of this document is to configure Steel-Belted RADIUS to pull group information from a remote directory
server and forward that information to Sophos NAC so that the group can be given a Sophos NAC policy without
the Sophos NAC application server having a direct connection to Active Directory or LDAP.

This document requires you to already configured IAS for Remote Proxy as described in the Post-Installation
Requirements in the Sophos NAC Installation Guide. This document also a ssu mes that Steel-Belted RADIUS is
already setup and installed on the server and is running on ports 1812, 1813, 1645 and 1646 (default port s for
Steel-Belted RADIUS). If it is not setup/running on these ports, you must modify these instructions to accommodate
for the changes.

If you plan on using Steel-Belted RADIUS to connect to an Active Directory Domain Controller to pull user/group
information, make sure the Steel-Belted RADIUS server is on the domain or is in a trusted domain for the
account/group information it will be pulling from. Also, make sure to use an account that is a member of the Domain
Admins Group so that you will have access to pull user/group information from AD.

Configuring the Steel-Belted RADIUS Proxy

1. Go to http://localhost:1812 and click the Launch link to start Steel-Belted RADIUS.

4

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes

2. Login to Steel-Belted RADIUS.

3. Right-click RADIUS Clients and select Add.

5