Configuring the SIM or SMS Authentication Module for Handling Kineto Attributes
The following configuration activities are required to activate Kineto attribute handling:
- Configure the kinetoUMAAttrHandler.ctrl file (required only if using the flattening/unflattening attribute handling method)
- Configure the controlpoints.ini file (required only if using the flattening/unflattening attribute handling method)
- Configure Steel-Belted Radius Carrier to recognize the Kineto attributes
- Develop applications for the S1 interface
Each of these configuration activities are described in the sections that follow.
Configuring the kinetoUMAAttrHandler.ctrl File
The kinetoUMAAttrHandler.ctrl file (located in the Radius directory) calls the appropriate library, enables use of the Kineto attribute handling features, and controls related settings.
To configure the kinetoUMAAttrHandler.ctrl file:
- Open the
kinetoUMAAttrHandler.ctrlfile located in the Radius directory. - In the [Bootstrap] section of the
kinetoUMAAttrHandler.ctrlfile, set Enable=1. - In the [Bootstrap] section of the
kinetoUMAAttrHandler.ctrlfile, make sure the following lines exist and are not commented out:
LibraryName=kinetoUMAAttrHandler.so
InitializationString= kinetoUMAAttrHandler
- In the [Settings] section of the
kinetoUMAAttrHandler.ctrlfile, make sure the following line exists and is not commented out:
RemoveTranslatedAttributes=true
Example kinetoUMAAttrHandler.ctrl file
[Bootstrap]
Enable=1
LibraryName=kinetoUMAAttrHandler.so
InitializationString= kinetoUMAAttrHandler
[Settings]
RemoveTranslatedAttributes=true
Table 182 explains the settings required in the kinetoUMAAttrHandler.ctrl file to allow Kineto attribute handling.
Specifies the name of the initialization file for the library. |
||
Configuring the controlpoints.ini File
The controlpoints.ini file (located in the Radius directory) calls the attribute handler at the appropriate processing stages.
To configure the controlpoints.ini file:
- Open the
controlpoints.inifile located in theRadiusdirectory. - Enter the following lines in the file:
[Auth-Initial-Request]
kinetoUMAAttrHandler
[Auth-Final-Request]
kinetoUMAAttrHandler
Table 183 explains the settings required in the controlpoints.ini file to allow Kineto attribute handling.
Calls the attribute handler plug-in when the initial authorization request is received. |
|
Calls the attribute handler plug-in when authorization is complete. |
Configuring Kineto Attribute Recognition
You must configure Steel-Belted Radius Carrier to recognize the Kineto attributes by loading the Kineto dictionary file (.dct file).
To configure Steel-Belted Radius Carrier to recognize the Kineto attributes you need to configure Kineto as a RADIUS client and activate the authentication method you want to use with Kineto.
- Run the SBR Administrator and log into your Steel-Belted Radius Carrier server.
- Click RADIUS Clients.
The Add RADIUS Client dialog appears.
- Select
Kineto S1in theMake or modellist and enter the details for your Kineto INC.
NOTE: Selection of Kineto S1 in the Make or model list causes the Kineto dictionary file (.dct file) to be applied, which includes the Kineto attributes.
Kineto INC appears in your list of RADIUS clients.
Activating the Authentication Method
To use either LDAP or SQL authentication, follow the procedures in the section on Back-End Authentication and Accounting Files in the Steel-Belted Radius Carrier 7.2 Administration and Configuration Guide and Back-End Authentication and Accounting Files229 in this guide. To use the LDAP authentication method, you need to configure the ldapauth.aut file. To use the SQL authentication method you need to configure either the radsql.aut or radsqljdbc.aut file. After these files are configured, the respective authentication method becomes available to activate in SBR Administrator.
The content frame displays the authentication methods activation dialog shown in Figure 37. This dialog displays any configured authentication methods in the server. The left-hand panel displays a list of inactive authentication methods, while the right-hand panel displays a list of active authentication methods.
- Select the authentication method from the list of Inactive Authentication Methods.
NOTE: The name of the LDAP or SQL authentication method is specified in the InitializationString entry of the .aut file. In the example shown in Figure 37, the MYSQL_JDBC was defined in the radsqljdbc.aut. The authentication method does not appear in the list of authentication methods until you configure the associated .aut file.
- Use the right arrow to move it to the list of Active Authentication Methods.
- Define the order in which the authentication methods are tried in Steel-Belted Radius Carrier by highlighting a method and clicking the Up or Down buttons.
- Click Apply to save the settings.
Developing Applications for the S1 Interface
To implement the Kineto S1interface with the authentication modules, you must:
- Write your application using SQL stored procedures or LDAP scripting to conform with the requirements in the Kineto S1 interface specification.
- Configure and enable the ldapauth.aut, or radsql.aut or radsqljdbc.aut to authenticate subscribers using data stored in an LDAP directory or an SQL database.
For more information about SQL stored procedures, LDAP scripting, the LDAP authentication plug-in: ldapauth.aut, or the SQL plug-ins: radsql.aut or radsqljdbc.aut), see Back-End Authentication and Accounting Files229 in this guide. Also see Chapter 48, Creating LDAP Scripts, and the section on Back-End Authentication and Accounting Methods in the Steel-Belted Radius Carrier 7.2 Administration and Configuration Guide.
