Home > Configuration > Authentication > addauthenticationradiusaction

addauthenticationradiusaction

Use this method to creates an action (profile) for a RADIUS server.
The profile contains all configuration data necessary to communicate with that RADIUS server.

Syntax



Parameters

name

Name for the RADIUS action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the RADIUS action is added.
This is mandatory parameter.

serverip

IP address assigned to the RADIUS server.

servername

RADIUS server name as a FQDN. Mutually exclusive with RADIUS IP address.

serverport

Port number on which the RADIUS server listens for connections.
Minimum value = 1.

authtimeout

Number of seconds the Citrix ADC waits for a response from the RADIUS server.
Default value = 3.
Minimum value = 1.

radkey

Key shared between the RADIUS server and the Citrix ADC. Required to allow the Citrix ADC to communicate with the RADIUS server.
This is mandatory parameter.

radnasip

If enabled, the Citrix ADC IP address (NSIP) is sent to the RADIUS server as the Network Access Server IP (NASIP) address. The RADIUS protocol defines the meaning and use of the NASIP address.

radnasid

If configured, this string is sent to the RADIUS server as the Network Access Server ID (NASID).

radvendorid

RADIUS vendor ID attribute, used for RADIUS group extraction.
Minimum value = 1.

radattributetype

RADIUS attribute type, used for RADIUS group extraction.
Minimum value = 1.

radgroupsprefix

RADIUS groups prefix string. This groups prefix precedes the group names within a RADIUS attribute for RADIUS group extraction.

radgroupseparator

RADIUS group separator string The group separator delimits group names within a RADIUS attribute for RADIUS group extraction.

passencoding

Encoding type for passwords in RADIUS packets that the Citrix ADC sends to the RADIUS server.
Default value = AAA_PAP.

ipvendorid

Vendor ID of the intranet IP attribute in the RADIUS response. NOTE: A value of 0 indicates that the attribute is not vendor encoded.

ipattributetype

Remote IP address attribute type in a RADIUS response.
Minimum value = 1.

accounting

Whether the RADIUS server is currently accepting accounting messages.

pwdvendorid

Vendor ID of the attribute, in the RADIUS response, used to extract the user password.
Minimum value = 1.

pwdattributetype

Vendor-specific password attribute type in a RADIUS response.
Minimum value = 1.

defaultauthenticationgroup

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

callingstationid

Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.
Default value = DISABLED.

authservretry

Number of retry by the Citrix ADC before getting response from the RADIUS server.
Default value = 3.
Minimum value = 1.
Maximum value = 10.

authentication

Configure the RADIUS server state to accept or refuse authentication messages.
Default value = ON.

tunnelendpointclientip

Send Tunnel Endpoint Client IP address to the RADIUS server.
Default value = DISABLED.

transport

Transport mode to RADIUS server.
Default value = RAD_TRANSPORT_UDP.

targetlbvserver

If transport mode is TLS, specify the name of LB vserver to associate. The LB vserver needs to be of type TCP and service associated needs to be SSL_TCP

messageauthenticator

Control whether the Message-Authenticator attribute is included in a RADIUS Access-Request packet.
Default value = ON.

Return Value

Returns simpleResult

See Also

getauthenticationradiusaction

rmauthenticationradiusaction

setauthenticationradiusaction_accounting

setauthenticationradiusaction_authentication

setauthenticationradiusaction_authservretry

setauthenticationradiusaction_authtimeout

setauthenticationradiusaction_callingstationid

setauthenticationradiusaction_defaultauthenticationgroup

setauthenticationradiusaction_ipattributetype

setauthenticationradiusaction_ipvendorid

setauthenticationradiusaction_messageauthenticator

setauthenticationradiusaction_passencoding

setauthenticationradiusaction_pwdvendorid

setauthenticationradiusaction_radattributetype

setauthenticationradiusaction_radgroupseparator

setauthenticationradiusaction_radgroupsprefix

setauthenticationradiusaction_radkey

setauthenticationradiusaction_radnasid

setauthenticationradiusaction_radnasip

setauthenticationradiusaction_radvendorid

setauthenticationradiusaction_server

setauthenticationradiusaction_serverip

setauthenticationradiusaction_serverport

setauthenticationradiusaction_targetlbvserver

setauthenticationradiusaction_transport

setauthenticationradiusaction_tunnelendpointclientip

unsetauthenticationradiusaction_accounting

unsetauthenticationradiusaction_authentication

unsetauthenticationradiusaction_authservretry

unsetauthenticationradiusaction_authtimeout

unsetauthenticationradiusaction_callingstationid

unsetauthenticationradiusaction_defaultauthenticationgroup

unsetauthenticationradiusaction_ipattributetype

unsetauthenticationradiusaction_ipvendorid

unsetauthenticationradiusaction_messageauthenticator

unsetauthenticationradiusaction_passencoding

unsetauthenticationradiusaction_pwdattributetype

unsetauthenticationradiusaction_pwdvendorid

unsetauthenticationradiusaction_radattributetype

unsetauthenticationradiusaction_radgroupseparator

unsetauthenticationradiusaction_radgroupsprefix

unsetauthenticationradiusaction_radnasid

unsetauthenticationradiusaction_radnasip

unsetauthenticationradiusaction_radvendorid

unsetauthenticationradiusaction_serverport

unsetauthenticationradiusaction_targetlbvserver

unsetauthenticationradiusaction_transport

unsetauthenticationradiusaction_tunnelendpointclientip