Configuring the Authentication Modules for Kineto Attribute Handling
The following configuration activities are required to activate Kineto attribute handling:
- Configure the kinetoUMAAttrHandler.ctrl file (required only if using the flattening/unflattening method)
- Configure the controlpoints.ini file (required only if using the flattening/unflattening method)
- Configure Steel-Belted Radius Carrier to recognize the Kineto attributes
- Develop applications for the S1 interface
Each of these configuration activities are described in the sections that follow.
Configuring the kinetoUMAAttrHandler.ctrl File
The kinetoUMAAttrHandler.ctrl file (located in the Radius directory) calls the appropriate library, enables use of the Kineto attribute handling features, and controls related settings.
 |
NOTE: Configuration of the |
To configure the kinetoUMAAttrHandler.ctrl file:
- Open the
kinetoUMAAttrHandler.ctrlfile located in theRadiusdirectory. - In the
[Bootstrap]section of thekinetoUMAAttrHandler.ctrlfile, setEnable=1. - In the
[Bootstrap]section of thekinetoUMAAttrHandler.ctrlfile, make sure the following lines exist and are not commented out:
LibraryName=kinetoUMAAttrHandler.so
InitializationString= kinetoUMAAttrHandler
- In the
[Settings]section of thekinetoUMAAttrHandler.ctrlfile, make sure the following line exists and is not commented out:
RemoveTranslatedAttributes=true
Example kinetoUMAAttrHandler.ctrl file
[Bootstrap]
Enable=1
LibraryName=kinetoUMAAttrHandler.so
InitializationString= kinetoUMAAttrHandler
[Settings]
RemoveTranslatedAttributes=true
Table 181 explains the settings required in the kinetoUMAAttrHandler.ctrl file to allow Kineto attribute handling.
Specifies the name of the initialization file for the library. |
||
Configuring the controlpoints.ini File
The controlpoints.ini file (located in the Radius directory) calls the attribute handler at the appropriate processing stages.
|
NOTE: Configuration of the |
To configure the controlpoints.ini file:
- Open the
controlpoints.inifile located in theRadiusdirectory. - Enter the following lines in the file:
[Auth-Initial-Request]
kinetoUMAAttrHandler
[Auth-Final-Request]
kinetoUMAAttrHandler
Table 182 explains the settings required in the controlpoints.ini file to allow Kineto attribute handling.
Calls the attribute handler plug-in when the initial authorization request is received. |
|
Calls the attribute handler plug-in when authorization is complete. |
Configuring Kineto Attribute Recognition
You must configure Steel-Belted Radius Carrier to recognize the Kineto attributes by loading the Kineto dictionary file (.dct file).
To configure Steel-Belted Radius Carrier to recognize the Kineto attributes you need to configure Kineto as a RADIUS client and activate the authentication method you want to use with Kineto.
- Run the SBR Administrator and log into your Steel-Belted Radius Carrier server.
- Click RADIUS Clients.
The Add RADIUS Client dialog appears.
- Select
Kineto S1in theMake/modellist and enter the details for your Kineto INC.NOTE: Selection of Kineto S1 in the Make/model list causes the Kineto dictionary file (.dct file) to be applied, which includes the Kineto attributes.
Kineto INC appears in your list of RADIUS clients.
Activate the Authentication Method
To use either LDAP or SQL authentication, follow the procedures in the section on "Back-End Authentication and Accounting Methods" in the Steel-Belted Radius Carrier Administration and Configuration Guide and Back-End Authentication and Accounting Files217 in this guide. To use the LDAP authentication method, you need to configure the ldapauth.aut file. To use the SQL authentication method you need to configure either the radsql.aut or radsqljdbc.aut file. After these files are configured, the respective authentication method becomes available to activate in SBR Administrator.
The content frame displays the authentication methods activation dialog shown in Figure 36. This dialog displays any configured authentication methods in the server. The left-hand panel displays a list of inactive authentication methods, while the right-hand panel displays a list of active authentication methods.
- Select the authentication method from the list of Inactive Authentication Methods.
NOTE: The Name of the LDAP or SQL authentication method is specified in the InitializationString entry of the .aut file. In the example shown in Figure 36, the MYSQL_JDBC was defined in the radsqljdbc.aut. The authentication method does not appear in the list of authentication methods until you configure the associated .aut file.
- Use the right arrow to move it to the list of Active Authentication Methods.
- Define the order in which the authentication methods are tried in Steel-Belted Radius Carrier by highlighting a method and clicking the Up or Down buttons.
- Click Apply to save the settings.
Developing Applications for the S1 Interface
To implement the Kineto S1interface with the authentication modules, you must:
- Write your application using SQL stored procedures or LDAP scripting to conform with the requirements in the Kineto S1 interface specification.
- Configure and enable the ldapauth.aut, or radsql.aut or radsqljdbc.aut to authenticate subscribers using data stored in an LDAP directory or an SQL database.
For more information about SQL stored procedures, LDAP scripting, the LDAP authentication plug-in: ldapauth.aut, or the SQL plug-ins: radsql.aut or radsqljdbc.aut), see Back-End Authentication and Accounting Files217 in this guide. Also see Chapter 33, Creating LDAP Scripts, and the section on "Back-End Authentication and Accounting Methods" in the Steel-Belted Radius Carrier Administration and Configuration Guide.
