IBM Security Verify Gateway for RADIUS

This document describes the functions that are provided by IBM® Security Verify Gateway for RADIUS. The Gateway for RADIUS supports both first and second factor authentication by using IBM Security Verify.

Roadmap

  1. Ensure that you met all the requirements. See Prerequisites.
  2. Install the IBM Security Verify Gateway for RADIUS. See Installing the IBM Security Verify Gateway for RADIUS server on Windows.
  3. Configure the IBM Security Verify Gateway for RADIUS. See Configuring the IBM Security Verify Gateway for RADIUS server.
  4. Starting the server. See Start the service.
  5. Uninstalling the server. See Uninstalling the IBM Security Verify Gateway for RADIUS server from Windows operating systems.

Prerequisites

Operating System requirements
  • Windows Server 2016, 64-bit
  • Windows Server 2019, 64-bit
  • Windows Server 2012 R2, 64-bit
  • Windows Server 2016, 64-bit
  • Windows Server 2019, 64-bit
  • Red Hat Enterprise Linux 7 x86-64
  • Red Hat® Enterprise Linux 8 on s390x (zLinux)
  • Red Hat Enterprise Linux 8 x86-64
  • Red Hat Enterprise Linux 8 ppc64le
  • Red Hat® Enterprise Linux 9 on s390x (zLinux)
  • Red Hat Enterprise Linux 9 x86-64
  • Red Hat Enterprise Linux 9 ppc64le
  • Fedora 38
  • Debian 10 x86-64
  • Debian 11 x86-64
  • Debian 12 x86-64
  • openSUSE Leap 15.5
  • SUSE Linux Enterprise Server 15 x86-64
  • SUSE Linux Enterprise Server 15 ppc64le
  • SUSE Linux Enterprise Server 15 s390x(zLinux)
  • SUSE Linux Enterprise Server 12 on s390x (zLinux)
  • Centos 7 x86-64
  • Ubuntu 22.04 x86-64
  • Ubuntu 20.04 x86-64
  • Ubuntu 18.04 x86-64
  • Ubuntu 16.04 x86-64
System requirements

Minimum Windows Server OS system requirements specific to the actual OS version.

Network requirements
  • Port 443 open to the Verify tenant address (TLS).
  • Port 1812 inbound from RADIUS Client server's UDP. Communication over UDP between the IBM Security Verify Gateway for RADIUS and the RADIUS client must be through the configured RADIUS server port. The default RADIUS server port is 1812.
VC_redist.x64.exe

Microsoft Visual C++ 2017 Redistributable (x64) version 14.14.26429

This file can be obtained directly from the MSDN web site https://go.microsoft.com/fwlink/?LinkId=746572.

Microsoft .NET Framework 4.6.1
If not installed, the IBM Security Verify Gateway for RADIUS installer (setup.exe) automatically initiates the download of the Microsoft .NET Framework from the Microsoft website.
Authentication
This RADIUS server only supports Password Authentication Protocol (PAP) authentication. You must configure your client to use PAP.
Note:
  • The RADIUS specification uses the phase “NAS” (Network Access Server) for what this document refers to as the “client”.
  • PAP is no longer considered a secure protocol. The User Datagram Protocol (UDP) network traffic between the client and the RADIUS server must flow over trusted networks only.
  • RADIUS accounting support is not provided.
IBM Security Verify API client
The client must have the following entitlements:
  • Authenticate any user
  • Read second-factor authentication enrollment for all users
  • Read users and groups