IBM Security Verify Gateway for RADIUS

This document describes the functions that are provided by IBM® Security Verify Gateway for RADIUS version 1.0.2.

Roadmap

  1. Ensure that you met all the requirements. See Prerequisites.
  2. Install the IBM Security Verify Gateway for RADIUS. See Installing the IBM Security Verify Gateway for RADIUS server.
  3. Configure the IBM Security Verify Gateway for RADIUS. See Configuring the IBM Security Verify Gateway for RADIUS server.
  4. Starting the server. See Start the service.
  5. Uninstalling the server. See Uninstalling the IBM Security Verify Gateway for RADIUS server.

Prerequisites

Operating System requirements
  • Windows Server 2012 R2, 64-bit
  • Windows Server 2016, 64-bit
  • Windows Server 2019, 64-bit
System requirements

Minimum Windows Server OS system requirements specific to the actual OS version.

Network requirements
  • Port 443 open to the Verify tenant address (TLS).
  • Port 1812 inbound from RADIUS Client server's UDP. Communication over UDP between the IBM Security Verify Gateway for RADIUS and the RADIUS client must be through the configured RADIUS server port. The default RADIUS server port is 1812.
VC_redist.x64.exe

Microsoft Visual C++ 2017 Redistributable (x64) version 14.14.26429

This file can be obtained directly from the MSDN web site https://go.microsoft.com/fwlink/?LinkId=746572.

Microsoft .NET Framework 4.6.1
If not installed, the IBM Security Verify Gateway for RADIUS installer (setup.exe) automatically initiates the download of the Microsoft .NET Framework from the Microsoft website.
Authentication
This RADIUS server only supports Password Authentication Protocol (PAP) authentication. You must configure your client to use PAP.
Note:
  • The RADIUS specification uses the phase “NAS” (Network Access Server) for what this document refers to as the “client”.
  • PAP is no longer considered a secure protocol. The User Datagram Protocol (UDP) network traffic between the client and the RADIUS server must flow over trusted networks only.
  • RADIUS accounting support is not provided.
IBM Security Verify API client
The client must have the following entitlements:
  • Authenticate any user
  • Read second-factor authentication enrollment for all users
  • Read users and groups