Create a New RADIUS Authorization Profile
- In the tree in the left pane of the Administration Console, expand the Profiles node.
- In the tree, right-click on Authorization or on the Authorization icon that is displayed in the pane at the top of the Administration Console.
- Select New AZ Profile from the menu.
- Enter a Name for the profile (maximum of 25 characters).
  The name should be descriptive of the type of functionality for which the profile is to be used.
- Select RADIUS as the type of protocol the Access Controller uses.
- Specify the Dictionary to use.
  Dictionaries are text files of attributes to which you can add entries (as suggested by your Access Controller provider). However, make sure you clearly understand how to add entries to the dictionary so as not to prejudice the authorization process.
- Click OK.
  A dialog box similar to the one shown below is displayed. Define attributes for the authorization profile.
- You can add, edit (or remove) attribute/value pairs (for example, Dialback-No) that your NAS must Check Before authentication and Send After authentication.
  For Send After attributes, you can choose the RADIUS parameter and then a value or an LDAP attribute.
  - Value - enter the static value you want the AAA Server to send back for this authorization profile. This value is the same for all users who have this profile defined.
  - Parameter - enter the value of the LDAP attribute. The AAA Server retrieves this parameter from the user account and returns the value present in this parameter. It is possible to have a different value for each user.
    Note: The LDAP attribute defined must be set in additional LDAP fields.
    See your Access Controller’s technical manual for information about the usage of each attribute.
  - Check Before - AAA Server checks these parameters after sending the login and password parameters, but before validating a user’s identity.
    The system uses Check Before parameters as additional requirements for approving an authentication. For example, if only users connecting with PPP should be allowed access, then you can have the AAA Server check to see if the user connects with another method (like SLIP) and deny access when the connection is not PPP, even if the user provides the correct password.
  - Send After - AAA Server sends these parameters after the authentication session in order to provide additional information to the NAS (for example, callback value, preferred IP address).
- When you have finished adding attributes, click Save.
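
The Check Before and Send After behaviour described above, modelled as an added Python example; this is not the AAA Server's code. The profile name, the LDAP field `telephoneNumber`, the users and the handling of an unset LDAP field are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class SendAfter:
    radius_attr: str
    value: Optional[str] = None      # "Value": static, same for every user
    ldap_attr: Optional[str] = None  # "Parameter": read from the user's LDAP entry

@dataclass
class AzProfile:
    name: str
    check_before: dict = field(default_factory=dict)
    send_after: list = field(default_factory=list)

def authorize(profile, request, password_ok, ldap_entry):
    """Return (decision, reply_attributes) for one access request."""
    # Check Before: every listed attribute must match the request;
    # a mismatch rejects even when the password is correct.
    for attr, required in profile.check_before.items():
        if request.get(attr) != required:
            return "Access-Reject", {}
    if not password_ok:
        return "Access-Reject", {}
    # Send After: reply attributes from static values or per-user LDAP fields.
    reply = {}
    for item in profile.send_after:
        if item.ldap_attr is not None:
            value = ldap_entry.get(item.ldap_attr)
            if value is None:
                continue  # assumption: an unset LDAP field is left out of the reply
        else:
            value = item.value
        reply[item.radius_attr] = value
    return "Access-Accept", reply

# Constructed sample profile and users (not taken from the product).
PPP_ONLY = AzProfile(
    name="ppp-dialback",
    check_before={"Framed-Protocol": "PPP"},
    send_after=[
        SendAfter("Idle-Timeout", value="600"),
        SendAfter("Dialback-No", ldap_attr="telephoneNumber"),
    ],
)
ALICE = {"uid": "alice", "telephoneNumber": "5550100"}
BOB = {"uid": "bob"}  # no dialback number stored
```
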