Issue
How do I configure RADIUS authentication for my card reader on the NetBotz 250 and Netbotz Rack Access PX-HID?
Product Line
- Rack Access PX-HID (AP9361)
-Netbotz 250 (NBRK0250)
Environment
- Rack Access PX-HID, Netbotz 250 (all firmware versions)
- RADIUS Authentication
Resolution
NOTE: These steps only apply to the NetBotz 250 (NBRK0250) and Netbotz Rack Access PX - HID (AP9361). The NetBotz Rack Access PX Basic (AP9360) card reader cannot authenticate via RADIUS.
You must first configure your RADIUS server to support the NetBotz 250 and Rack Access PX.
A sample configuration is provided below. This configuration was performed using FreeRADIUS.
The first file to edit is the Clients.conf file. Here are the sample settings:
The second file to edit is the Dictionary file. Here are the sample settings:
How do I configure RADIUS authentication for my card reader on the NetBotz 250 and Netbotz Rack Access PX-HID?
Product Line
- Rack Access PX-HID (AP9361)
-Netbotz 250 (NBRK0250)
Environment
- Rack Access PX-HID, Netbotz 250 (all firmware versions)
- RADIUS Authentication
Resolution
NOTE: These steps only apply to the NetBotz 250 (NBRK0250) and Netbotz Rack Access PX - HID (AP9361). The NetBotz Rack Access PX Basic (AP9360) card reader cannot authenticate via RADIUS.
You must first configure your RADIUS server to support the NetBotz 250 and Rack Access PX.
A sample configuration is provided below. This configuration was performed using FreeRADIUS.
The first file to edit is the Clients.conf file. Here are the sample settings:
client 159.215.4.0/24
secret = radius
shortname = PXHID
shortname = PXHID
The second file to edit is the Dictionary file. Here are the sample settings:
VENDOR APC 318
BEGIN-VENDOR APC
ATTRIBUTE APC-Service-Type 1 integer APC
ATTRIBUTE APC-Outlets 2 string APC
ATTRIBUTE APC-Perms 3 string APC
ATTRIBUTE APC-Username 4 string APC
ATTRIBUTE APC-Contact 5 string APC
ATTRIBUTE APC-ACCPX-Doors 6 string APC
ATTRIBUTE APC-ACCPX-Status 7 string APC
ATTRIBUTE APC-ACCPX-Access1 8 string APC
ATTRIBUTE APC-ACCPX-Access2 9 string APC
ATTRIBUTE APC-ACCPX-Access3 10 string APC
ATTRIBUTE APC-ACCPX-Access4 11 string APC
ATTRIBUTE APC-ACCPX-Access5 12 string APC
ATTRIBUTE APC-ACCPX-Access6 13 string APC
ATTRIBUTE APC-ACCPX-Access7 14 string APC
VALUE APC-Service-Type Admin 1
VALUE APC-Service-Type Device 2
VALUE APC-Service-Type ReadOnly 3
VALUE APC-Service-Type Outlet 4
VALUE APC-Service-Type Card 5
BEGIN-VENDOR APC
ATTRIBUTE APC-Service-Type 1 integer APC
ATTRIBUTE APC-Outlets 2 string APC
ATTRIBUTE APC-Perms 3 string APC
ATTRIBUTE APC-Username 4 string APC
ATTRIBUTE APC-Contact 5 string APC
ATTRIBUTE APC-ACCPX-Doors 6 string APC
ATTRIBUTE APC-ACCPX-Status 7 string APC
ATTRIBUTE APC-ACCPX-Access1 8 string APC
ATTRIBUTE APC-ACCPX-Access2 9 string APC
ATTRIBUTE APC-ACCPX-Access3 10 string APC
ATTRIBUTE APC-ACCPX-Access4 11 string APC
ATTRIBUTE APC-ACCPX-Access5 12 string APC
ATTRIBUTE APC-ACCPX-Access6 13 string APC
ATTRIBUTE APC-ACCPX-Access7 14 string APC
VALUE APC-Service-Type Admin 1
VALUE APC-Service-Type Device 2
VALUE APC-Service-Type ReadOnly 3
VALUE APC-Service-Type Outlet 4
VALUE APC-Service-Type Card 5
The third and final file to edit is the Users file. Here are the sample settings:
# ACCPX LOCK USER WITH HID PROXIMITY CARD
xxxxxxxxxx (this is the code from the HID card being used Password = ""4Axxxxxxxxxx"" (this is the serial number of the NetBotz Rack Access being used)
APC-Username="user", (this can be anything that the user desires)
APC-ACCPX-Doors="BothDoors",
APC-ACCPX-Status=""Enabled"",
APC-ACCPX-Access1="Sun,00:00,23:59",
APC-ACCPX-Access2="Mon,00:00,23:59",
APC-ACCPX-Access3="Tue,01:00,16:59",
APC-ACCPX-Access4="Wed,00:00,23:59",
APC-ACCPX-Access5="Thu,00:00,23:59",
APC-ACCPX-Access6="Fri,00:00,23:59",
APC-ACCPX-Access7="Sat,00:00,23:59"
xxxxxxxxxx (this is the code from the HID card being used Password = ""4Axxxxxxxxxx"" (this is the serial number of the NetBotz Rack Access being used)
APC-Username="user", (this can be anything that the user desires)
APC-ACCPX-Doors="BothDoors",
APC-ACCPX-Status=""Enabled"",
APC-ACCPX-Access1="Sun,00:00,23:59",
APC-ACCPX-Access2="Mon,00:00,23:59",
APC-ACCPX-Access3="Tue,01:00,16:59",
APC-ACCPX-Access4="Wed,00:00,23:59",
APC-ACCPX-Access5="Thu,00:00,23:59",
APC-ACCPX-Access6="Fri,00:00,23:59",
APC-ACCPX-Access7="Sat,00:00,23:59"
Once the RADIUS server has been configured, you can enable RADIUS authentication on the NetBotz 250 and Rack Access PX (AP9361).
Log into the NetBotz and navigate to Administration and then Security. Under Remote Users you will find RADIUS. You will need to add your RADIUS server settings to this section. These settings include server IP or hostname, RADIUS secret, and Timeout. You also have the option to test authentication. Test with a user that is already configured on the RADIUS server. If authentication passes, proceed to the next step. If authentication fails, then you must determine why the NetBotz cannot authenticate through the RADIUS server.
If authentication passes, you must enable RADIUS on the card reader. Click on Rack Access. Under User Access, click on RADIUS. You will have three options:
- Rack Access PX-HID Only - Authentication performed via the NetBotz only
- RADIUS, then Rack Access PX-HID - Authentication via RADIUS, if the RADIUS server is unreachable, authentication performed via the NetBotz
- RADIUS Only - Authentication via RADIUS only
Once configured, users can be authenticated via RADIUS through the card reader.
If you have trouble configuring your RADIUS server, it is advised that you contact your RADIUS server vendor for assistance.
NOTE: Tested with Freeradius 3.0.25, removing BEGIN-VENDOR APC (not the section) allowed proper functionality on the Netbotz 250.
Log into the NetBotz and navigate to Administration and then Security. Under Remote Users you will find RADIUS. You will need to add your RADIUS server settings to this section. These settings include server IP or hostname, RADIUS secret, and Timeout. You also have the option to test authentication. Test with a user that is already configured on the RADIUS server. If authentication passes, proceed to the next step. If authentication fails, then you must determine why the NetBotz cannot authenticate through the RADIUS server.
If authentication passes, you must enable RADIUS on the card reader. Click on Rack Access. Under User Access, click on RADIUS. You will have three options:
- Rack Access PX-HID Only - Authentication performed via the NetBotz only
- RADIUS, then Rack Access PX-HID - Authentication via RADIUS, if the RADIUS server is unreachable, authentication performed via the NetBotz
- RADIUS Only - Authentication via RADIUS only
Once configured, users can be authenticated via RADIUS through the card reader.
If you have trouble configuring your RADIUS server, it is advised that you contact your RADIUS server vendor for assistance.
NOTE: Tested with Freeradius 3.0.25, removing BEGIN-VENDOR APC (not the section) allowed proper functionality on the Netbotz 250.