A RADIUS client is a network access server (NAS) that forwards requests from access clients for authentication to HOTPin. The RADIUS Clients screen provides management access for client setup and configuration.
HOTPin Server uses Password Authentication Protocol (PAP), thus RADIUS clients must be configured to use PAP to work with the HOTPin system.
Access the screen through the web UI at HOTPin|NPS RADIUS|RADIUS Clients.
View the following summary information on the RADIUS Clients page:
- Friendly Name – identifies the client with descriptive name.
- IP Address – displays the client address.
- Status – indicates the client is either Enabledor Disabled in the NPS application.
To manage RADIUS clients:
- Navigate to HOTPin|NPS RADIUS|RADIUS Clients.
- Select the action you want to perform:
- New – create a new client.
- Properties – view client settings and advanced configuration; select a client to enable the button.
- Delete – permanently remove a client.
- Import/Export – transfer client configuration from or to HOTPin Server.
- Refresh – click to see changes to the client list.
- Click the Close button to return the NPS RADIUS screen.
Add a New Client or Edit Properties
When adding a new client or editing properties, you will have access to these settings:
- Enable this RADIUS client – select to enable the client in the NPS application.
- Name and Address
- Friendly name – the friendly name should be descriptive to help identify the NAS.
- Address (IP or DNS) – the client address can be either the IP address or DNS name.
- Note: If using the DNS name, it must be resolvable from the HOTPin server; otherwise, use the IP address.
- Shared Secret – a password for use between RADIUS components (clients, proxies, and servers); can include up to 64 characters. Also provides message encryption if the Message Authenticator attribute is invoked.
- Change shared secret (Edit Radius Client screen only) – check to enter a new string.
- Manual – select to enter and confirm your own string in the text fields.
- Generate – select and click theGenerate button to create one automatically in the text field.
- Note: The shared secret will need to be entered on the NAS, so take note of the string value before completing the client configuration. To view the shared secret value if one was previously assigned, select theChange shared secret, then selectGenerate; the shared secret string will display in the text field.
- Vendor – you can specify the client vendor if needed; note that RADIUS standard will work for most clients.
- Vendor name – to specify a vendor instead of using the RADIUS standard option, select a name from the drop menu.
- Additional Options
- Access-Request messages must contain the Message-Authenticator attribute – select to encrypt RADIUS messages. If selected, RADIUS messages not containing the attribute will fail verification and be discarded.
- RADIUS client is NAP-capable – you can select to include NAP attributes in Access-Accept messages if the client has NAP functionality and you have configured NPS authorization to work in the HOTPin system.