Create
Use Create to add new entries to the RADIUS directory. You must have write permission for the parent of the entry you want to create. See Login for details.
Quick Reference
Creating a New Entry
- Click on the
icon or select Create from the Entry menu.
The Create window is displayed.
There are two steps to creating a RADIUS directory. You must complete the current step before you can progress to the next one. Click on Next Step or Previous Step to navigate between them.
- Name the entry
- Assign attributes to the entry and name them.
- When you have completed the entry click Done.
Naming
Before creating the new entry you need to name it.
- Select the type of entry you want to add (Remote User or Remote Access Server).
- For a Remote User add, specify the profile for the new entry (Standard, PPP, SLIP or LOGIN).
The list of RADIUS profiles available is defined in the Deja.properties file on the directory server. See the Sun Directory Services 3.1 User's Guide for information.
- Specify the parent of the entry:
- Type the Distinguished Name of the Entry's parent in the Parent text field.
- Alternatively, click once on the parent in the browser window to select it and click the Get from Browser button next to the Parent text field.
The Distinguished Name of the selected entry is imported to the Parent text field.
- Select the naming attribute with the option button.
The list of available naming attributes is defined in the Deja.properties file on the directory server. See the Sun Directory Services 3.1 User's Guide for information.
- Type the Relative Distinguished Name of the entry in the Entry Name text field.
- Click the Next Step button to select attributes.
Selecting Attributes
Each type of RADIUS entry has a number of attributes associated with it. Some of these attributes are mandatory (marked with an "M") and must be given a value, others are optional (marked with an "O") and can be left without a value. In this window you can assign values to the attributes. Initially only the mandatory attributes are displayed.
Some attributes accept multiple values, others can only have one value. This is defined in the schema by the SINGLE-VALUE keyword. If you try to add more than one value to a single-valued attribute, an error message is displayed.
- To assign a value to an attribute:
- From the Choose Attribute window, select the attribute for
which you want to add a value.
- Type the attribute's value in the text field.
There are three ways of adding an attribute to the directory:
- Click the Add button to add the value of the attribute to
the entry.
The value appears in the entry definition next to the attribute.
- Click the Chk Add button.
The value is added to the entry definition, and the name of the
attribute is added to the Radius Check Data optional attribute which
matches the grpCheckInfo attribute.
For example, if you select the User ID attribute from the Choose
Attribute list and type the value charles in the text window, when you
click on Chk Add, the value charles is added to the User ID attribute,
and uid is added to the Radius Check Data attribute.
- Click the Rpl Add button.
The value is added to the entry definition, and the name of the
attribute is added to the Radius Reply Data optional attribute which
matches the grpReplyInfo attribute.
- To add an additional value to an attribute, repeat steps 1 and 2.
The additional value is added to the entry definition.
When an attribute has more than one value, an arrow is displayed next
to the attribute name in the entry definition. Click on the arrow to
collapse or expand the attribute definition.
- To delete a value from the entry:
- Select the value or the attribute in the entry definition.
There are three ways of deleting an attribute from the directory:
- Click the Delete button.
- Click the Chk Del button.
The value is removed from the entry definition, and the name of the
attribute is removed from the Radius Check Data optional attribute
which matches the grpCheckInfo
attribute.
- Click the Rpl Del button.
The value is removed from the entry definition, and the name of the
attribute is removed from the Radius Reply Data optional attribute
which matches the grpReplyInfo
attribute.
If you delete the only value for an optional attribute, the attribute is
removed from the entry definition.
If you delete the only value for a mandatory attribute, only the value is
cleared from the entry definition. The attribute remains. If you click
Done, you are prompted to supply values for any mandatory
attributes without values.
- To modify an attribute's value:
- In the entry definition, select the value of the attribute you want to
modify.
The attribute's value appears in the text field.
- Modify the value and click the Modify button.
The modified value appears in the entry definition.
- To clear the text field:
grpCheckInfo
The grpCheckInfo attribute, contains a list of attributes that must be checked by the RADIUS server against the information supplied by the remote user. If the grpCheckInfo attribute is not present, or if it does not contain any attributes, then all the attributes in the remote user's entry are checked before access is granted to the user.
grpReplyInfo
The grpReplyInfo attribute, contains a list of attributes returned by the RADIUS server with an access-accept or access-reject response. It can contain connection parameters such as a PPP or SLIP profile.