Security Genesys : RADIUS EXTERNAL AUTHENTICATION

[sabsab]

Hello everybody,

I am a student, and for my internship I have to secure my genesys platform installed on CENTOS 6.
I thought to start with RADIUS EXTERNAL AUTHENTICATION.

I installed configuration server without forgetting to add RADIUS Configuration Server External Authentication.
I installed freeradius on another VM (virtual machine) centos 6.

Now I do not know what to do to test!
How to add agents (clients, users, other ..)?
How to test authentication?
How to see the logs to trace traffic?
Could you explain to me the steps to be taken with some examples if necessary?

Thank you in advance.
Cordially.

[cavagnaro]

Just for agent logins, check the external login field. Or was external id? Check the framework guide

Enviado de meu E6633 usando Tapatalk

[sabsab]

I have the default agent and two other AG01 agents with an internal password
And AG02 with an external password
My problem is: how to configure these agents and their privileges with radius and make authentication tests!
My idea is to see, by connecting to a genesys apllication, the return of this AAA on my logs or elsewhere.

I apologize in advance if I did not understand you

[cavagnaro]

Cfgserver logs.
The only part where the radius is called is for password input. The external authentication field should match your Radius one. That is it.
Read the section about it in the Framework deployment guide.

Enviado de meu E6633 usando Tapatalk

[sabsab]

Hello
Thank you for your indulgence,

i read all documents about this, but i miss some information.

1- My configuration server already contains the Radius server [b]OR[/b] i Should install an other server Radius and try to connect it to my Configuration Server,
2- In the guide, it sad: "only users with a valid External ID will be considered for external authentication, unless the option enforce-external-auth is set to true". how can i create users with external ID and  How I declare my users in my radius (where ? )

what i want to do is: creating an external users, trying to login in a genesys application and according to the data provinding to Radius, i can see the results.
My principal problem is how configure radius.

ps:
[i][b]"When an external system handles the authentication process, Configuration Server communicates with the external authentication server by means of a pluggable module that Genesys has developed for a particular third-party server. "[/b][/i] from "Framework 8.5 External Authentication Reference Manual"

Excuse me for the insistence

[Kubig]

1. You have to install LDAP server as the configuration server contains just a client, not a server
2. On person tab, there is a field called "External User ID (under External Authentication part of the form)

All you can find in documentation.

[sabsab]

can't i use only radius server in the first place ? 

how my configuration server will connect with the radius server ? wich protocle will use: ?
    PAP
    CHAP
    MS-CHAPv1
    MS-CHAPv2
    PEAP
    EAP-TTLS
    EAP-GTC
    EAP-MD5

My Framework is installed in Centos 6
My genesys administrator in windows 2003
My CME, SCI and IRD in windows 8.1 professional

I want just trying to login in one of this applications, and see how genesys communicate with radius , that's all !

Someone has already worked on it ?

[Kubig]

Follow the documentation - https://docs.genesys.com/Documentation/FR/8.5.1/ExtAuth/RADIUS - all is described there.

In short, you have to install Confserv with selecting RADIUS server authentication during the wizard (for existing solution you can add the RADIUS configuration manually - some libraries, config file, etc.). When the parameters for external authentication are right, then just update any person with External User ID and you will see how the servers communicate.