Revision: 6152
http://ipcop.svn.sourceforge.net/ipcop/?rev=6152&view=rev
Author: eoberlander
Date: 2011-12-04 15:57:55 +0000 (Sun, 04 Dec 2011)
Log Message:
-----------
Add text and screenshots for proxy RADIUS section.
Modified Paths:
--------------
IPCopDoc/trunk/en/admin/xml/proxy.xml
Added Paths:
-----------
IPCopDoc/trunk/en/admin/images/proxy-global-settings.png
IPCopDoc/trunk/en/admin/images/proxy-radius-all.png
IPCopDoc/trunk/en/admin/images/proxy-radius-settings.png
IPCopDoc/trunk/en/admin/images/proxy-radius-user.png
Added: IPCopDoc/trunk/en/admin/images/proxy-global-settings.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-global-settings.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: IPCopDoc/trunk/en/admin/images/proxy-radius-all.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-radius-all.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: IPCopDoc/trunk/en/admin/images/proxy-radius-settings.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-radius-settings.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: IPCopDoc/trunk/en/admin/images/proxy-radius-user.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-radius-user.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Modified: IPCopDoc/trunk/en/admin/xml/proxy.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/proxy.xml 2011-12-02 07:07:57 UTC (rev
6151)
+++ IPCopDoc/trunk/en/admin/xml/proxy.xml 2011-12-04 15:57:55 UTC (rev
6152)
@@ -77,9 +77,263 @@
<sect2 id="proxy-auth-radius">
<title>RADIUS Authentication</title>
- <para>
- Content to be written...
- </para>
+ <para>
+ This authentication method uses an existing RADIUS server for user
+ authentication.
+ </para>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;proxy-radius-all.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;proxy-radius-all.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>RADIUS Authentication</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <para>
+ In addition to authentication you can define positive or
+ negative user based access control lists.
+ </para>
+
+ <sect3 id="proxy-auth-radius-global">
+ <title>Global authentication settings</title>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata
fileref="&imagepath;proxy-global-settings.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata
fileref="&imagepath;proxy-global-settings.&imageext;" format="PNG"
align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Global authentication settings section</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <formalpara>
+ <title><guilabel>Number of authentication
processes</guilabel></title>
+ <para>
+ The number of background processes listening for requests.
+ The default value is 5 and should be increased if
authentication
+ takes too long or Windows integrated authentication falls back
+ to explicit authentication.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Authentication cache TTL</guilabel></title>
+ <para>
+ Duration in minutes how long credentials will be cached for
+ each single session.
+ If this time expires, the user has to re-enter the credentials
+ for this session.
+ The default is set to 60 minutes, the minimum will be 1 minute.
+ The TTL will always be reset when the user sends a new request
+ to the Proxy Server within a session.
+ </para>
+ </formalpara>
+ <note>
+ <para>
+ If the user opens a new session, the credentials must always
+ be entered, even if the TTL has not expired for another
session.
+ </para>
+ </note>
+ <formalpara>
+ <title><guilabel>Limit of IP addresses per user</guilabel>
(optional)</title>
+ <para>
+ Number of source IP addresses a user can be logged in at one
+ time.
+ The IP address will be released after the time defined at
+ <emphasis>User/IP cache TTL</emphasis>.
+ </para>
+ </formalpara>
+ <note>
+ <para>
+ This takes no effect if running Local authentication and the
+ user is a member of the <quote>Extended</quote> group.
+ </para>
+ </note>
+ <formalpara>
+ <title><guilabel>User/IP cache TTL</guilabel></title>
+ <para>
+ Duration in minutes, how long relations between each user name
+ and the used IP address will be cached.
+ The default value is 0 (disabled).
+ </para>
+ </formalpara>
+ <para>
+ A value greater than 0 is only reasonable while using a limit for
+ concurrent IP addresses per user.
+ </para>
+ <formalpara>
+ <title><guilabel>Require authentication for unrestricted source
addresses</guilabel></title>
+ <para>
+ By default authentication is required even for unrestricted IP
+ addresses.
+ If you don't want to require authentication for these
+ addresses, untick this box.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Authentication realm prompt</guilabel></title>
+ <para>
+ This text will be shown in the authentication dialog.
+ The default is <quote>IPCop Advanced Proxy Server</quote>.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Destinations without
authentication</guilabel></title>
+ <para>
+ This allows you to define a list of destinations that can be
+ accessed without authentication.
+ </para>
+ </formalpara>
+ <note>
+ <para>
+ Any domains listed here are destination DNS domains and not
+ source Windows NT domains.
+ </para>
+ </note>
+ <para>
+ Examples:
+ </para>
+ <para>
+ Entire domains and subdomains
+ </para>
+ <screen><computeroutput>*.example.net
+*.google.com</computeroutput></screen>
+ <para>
+ Single hosts
+ </para>
+ <screen><computeroutput>www.example.net
+www.google.com</computeroutput></screen>
+ <para>
+ IP addresses
+ </para>
+ <screen><computeroutput>81.169.145.75
+74.125.39.103</computeroutput></screen>
+ <para>
+ URLs
+ </para>
+ <screen><computeroutput>www.example.net/download
+www.google.com/images</computeroutput></screen>
+ <note>
+ <para>
+ You can enter all of these destination types in any order.
+ </para>
+ </note>
+ <para>
+ Example for Windows Update.
+ </para>
+ <para>
+ To allow access to Windows Update without authentication add these
+ destinations to the list:
+ </para>
+ <screen><computeroutput>*.download.microsoft.com
+*.windowsupdate.com
+windowsupdate.microsoft.com</computeroutput></screen>
+ </sect3>
+
+ <sect3 id="proxy-auth-radius-settings">
+ <title>Common RADIUS settings</title>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata
fileref="&imagepath;proxy-radius-settings.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata
fileref="&imagepath;proxy-radius-settings.&imageext;" format="PNG"
align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Common RADIUS settings section</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <formalpara>
+ <title><guilabel>RADIUS Server</guilabel></title>
+ <para>
+ Enter the IP address of the RADIUS Server you want to use for
+ authentication.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Port</guilabel></title>
+ <para>
+ Enter the port that will be used to communicate with the
+ RADIUS Server.
+ The default is port 1812, some RADIUS servers may use the
+ depreciated port 1645 instead.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Identifier</guilabel> (optional)</title>
+ <para>
+ This is an optional field and can be used to identify your
+ IPCop for the RADIUS Server.
+ If this is left empty, the IP address of your IPCop will be
+ used for identification.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Shared secret</guilabel></title>
+ <para>
+ This is the shared secret for the authentication of your IPCop
+ against the RADIUS Server.
+ This must be the same password that you have entered on your
+ RADIUS Server.
+ </para>
+ </formalpara>
+ </sect3>
+
+ <sect3 id="proxy-auth-radius-user">
+ <title>User based access restrictions</title>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;proxy-radius-user.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;proxy-radius-user.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>User based access restrictions section</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <formalpara>
+ <title><guilabel>Enabled</guilabel></title>
+ <para>
+ Enables access control lists for authorized or unauthorized
+ users.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Use positive access control / Authorized
users</guilabel></title>
+ <para>
+ The users listed here will be allowed web access.
+ For all other users, access will be denied.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Use negative access control / Unauthorized
users</guilabel></title>
+ <para>
+ The listed users will be blocked from web access.
+ For all other users, access will be allowed.
+ </para>
+ </formalpara>
+ </sect3>
+
</sect2>
<sect2 id="proxy-cre">
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Ipcop-svn mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
