Specifying RADIUS Authentication for a Group

To set up a network policy, follow the steps below in the Server Manager.

  1. In the panel on the left, go to Policies > Network Policies.

  2. Click New in the panel on the right.

  3. Enter a Policy name.
  4. Click Next.

  5. Click the Add… button.

  6. Select the relevant group type.
  7. Click the Add… button.

  8. Click the Add Groups… button.

  9. Enter the group name in the text area provided.
  10. Click Check Names.
  11. If the name is alright, click OK.

  12. Click OK.
  13. Click Next.

  14. Select the relevant Access Permission option.
  15. Click Next.

  16. Remove the tick from the Microsoft Encrypted Authentication version 2 (MS-CHAP-v2) check box.
  17. Ensure that Microsoft Encrypted Authentication (MS-CHAP) is selected.
  18. Ensure that User can change password after it has expired is selected.
  19. Select the Unencrypted authentication (PAP, SPAP) check box.
  20. Click Next.
    Note: If idle timeout is used on the server it should match the idle timeout settings in the LoadMaster. Generally, we recommend not setting this on the server.

  21. Click Next.
Note: The Progress Kemp RADIUS policies should be moved to the top of the policy list on the Windows RADIUS server. The policies are executed in the order they are displayed.

Specify RADIUS Authorization for a Group

Note: The Attributes on this screen need to be in a certain order for the settings to work correctly. The order is as follows: 1. Reply-Message2. Framed-Protocol3. Service-Type
Note: Unfortunately, these attributes are not movable. So, to order these attributes correctly, you need to Remove and then Add them.
  1. Select Framed-Protocol and click Remove.
  2. Select Service-Type and click Remove.
  3. Click the Add… button.

  4. Select Reply-Message.
  5. Click the Add… button.

  6. Click the Add… button.

  7. Enter the relevant permission option(s) and click OK.
    Note: The available permission options are as follows:real,vs,rules,backup,certs,cert3,certbackup,users,root,addvsThese correspond to the permission options in the LoadMaster Web User Interface (WUI). The root permission grants all permissions. Multiple attributes can be specified here, but they must be separated by a comma (with no space).
  8. Click OK again.
  9. Select Framed-Protocol.

  10. Click the Add… button.

  11. Select PPP from the Commonly used for Dial-Up or VPN drop-down list.
  12. Click OK.

  13. Select Service-Type.
  14. Click the Add… button.

  15. Select Framed from the Commonly used for Dial-Up or VPN drop-down list.
  16. Click OK.
  17. Click Close.
  18. Click Next.

  19. Click Finish.
  20. Repeat this process as needed to set permissions for other groups.