RADIUS User Authentication

Micetro can authenticate using an external RADIUS server. This is especially useful in large installations, as it eliminates the need for users to maintain their passwords in multiple locations. Any password rules (such as password expiry and minimum password length) that have been applied within the organization will automatically apply to Micetro.

RADIUS User Authentication vs. Local User Authentication

Even with RADIUS user authentication enabled, users must still be created and assigned privileges within Micetro. The only difference between RADIUS and local user authentication lies in the authentication process: when RADIUS user authentication is enabled, users are authenticated via the RADIUS user authentication system before accessing Micetro. With RADIUS user authentication, user passwords are not stored within Micetro.

Note

Only one authentication method can be assigned per user, but different users can use different authentication methods. This allows some users to log in using RADIUS user authentication while others utilize local user authentication.

Enabling RADIUS User Authentication

To enable RADIUS authentication, you need to configure specific properties in the Micetro Central configuration file preferences.cfg. Locate this file in the data folder in the Micetro Central data directory:

  • Windows: C:\Program Files\Men&Mice\Central\data

  • Others: Set during installation, typically /var/mmsuite/mmcentral or /chroot/var/mmsuite/mmcentral, where /chroot is the chroot jail location for named.

Add the following properties to the configuration file:

RADIUSServer

Defines the address of the RADIUS server for authentication.

RADIUSPort

Defines the port used by the RADIUS server (default is 1812).

RADIUSSharedSecret

Secret shared between the RADIUS server and Micetro.

RADIUSAuthentication

Type of authentication used (0 for PAP, 1 for CHAP).

Example configuration:

<RADIUSServer value="192.168.1.3"/>
<RADIUSPort value="1515"/>
<RADIUSSharedSecret value="MyBigSecret"/>
<RADIUSAuthentication value="1"/>

After editing the file, restart Micetro Central.

  • Windows: Use Administration Tools ‣ Services to restart Micetro Central.

  • Others: Execute the mmcentral init script with the ‘restart’ argument.

Configuring Users for RADIUS Authentication

To enable user login in Micetro, users must exist in the Micetro user database. Without existing records in this database, users cannot log in, even with valid credentials in the RADIUS login system.

To configure a user for RADIUS authentication:

  1. Navigate to Admin ‣ Configuration and select Users in the filtering sidebar.

  2. To add a new user, click Create. Fill in the details, selecting RADIUS from the Authentication type drop-down list. For more information about how to create users, see Users.

  3. To modify an existing user, double-click the user’s name to display the Edit Properties dialog box and select RADIUS` from the Authentication type drop-down list.

Note

When RADIUS authentication is selected, the Password and Email address fields are disabled, since passwords are not stored in Micetro.

../../../_images/ad_sso_radius.png