Support User Manuals

Raritan Computer DSX-0N-E Security Camera User Manual

Open as PDF

of 233

194 DOMINION SX USER GUIDE

Create an IAS Policy

The following section describes the steps to create a policy to allow Radius users to access the

Dominion SX. The example in this section requires two conditions, the client source IP address of

the Dominion SX and the UserID is a member of the SX User Group:

• NAS-IP-Address = Type the IP address of Dominion SX

• Windows-Group = SX User Group

Note: If you have multiple Dominion SX units or different models of Dominion product family

(DKX, DKSX or KX101) then using an appropriate condition to match (NAS-IP-Address) rule

will help apply the correct policy for the appropriate Dominion unit.

1. From Internet Authentication Service, right-click on Remote Access Policies and

select New Remote Access Policy.

2. The New Remote Policy Wizard starts. Click Next>.

3. Select the Set up a custom policy radio button and type a Policy name.

4. The Policy Conditions dialog appears. Click the Add... button.

5. Select the NAS-IP-Address name and click the Add... button. Type the IP address of the

Dominion SX unit.

6. Type a second condition using the name Windows-Group and the value SX User Group.

Click Next>.

7. Select the Grant remote access permission radio button.

8. Click Next>. The Profile dialog appears..

9. Click the Edit Profile... button.

10. Select the Authentication tab. Remove other checkmarks and add a checkmark to enable

Unencrypted authentication (PAP, SPAP)

Note: This version of Dominion SX does not support Challenge Authentication Protocol

(CHAP).

11. Select the Advanced tab. Remove Framed-Protocol.

Note: Each policy has conditions that must be met. If the conditions are not met then IAS

goes to the next policy and examine the conditions.

12. Click the Add... button. The RADIUS attributes list appears.

13. Select Filter-Id Name and click the Add button. Click on Add in the Attribute values

section. Type the attribute value, Raritan:G{Admin}.

14. Click OK.

The value in G{} is the name of a group locally on the DSX, in this case the default

Admin group.

• The value can be Raritan:G{Admin}:D{1234567890} if you are using the dial

back feature, where 1234567890 is the phone number for dial back.

• The value Raritan:G{Admin} must match with the local group on the Dominion

SX.

• The Dominion SX comes from the factory with the default Admin group.

• Additional user groups can be created on Dominion SX unit by using the User

Management>User Group option.

• Appropriate port access and user class (Operator or Observer) can be defined.

The group name should be specified in the Filter-Id attribute value accordingly in

order to authorize the RADIUS user to access the Dominion SX unit

previous next