The Edit RADIUS Authentication Settings section determines the primary and backup server host, port, and shared secret to be used for this source. The primary fields are required to be present, though the primary shared secret can be blank. The backup fields are optional. The default port for RADIUS servers is 1645, and will normally be prefilled.
Also available in this section are the Max Retries and Timeout settings. Max Retries determines how many additional times the authentication source will be queried if a query has an error. Timeout determines how many seconds the system will wait for a response before considering a query to be failed.
Finally, both the primary and backup RADIUS server sections have "Test Connection" links which can be used to test the authentication settings. Clicking either link will open a test window prompting for a username and password to attempt authentication with. Once these are provided, the RADIUS Connection Test Results window will appear, which will list the parameters of the test, the result of the test, and any diagnostic information collected during the test.
The RADIUS Authenticated User Template section determines how a user authenticated by this source will be handled. The settings affect only users who successfully authenticate to the RADIUS server, but don't yet exist on the DMZ server.
The Auto-Create Account on Signon setting determines whether a new user will be automatically added to DMZ when they successfully authenticate. The Fullname, Email, and Notes template fields determine what values will be used for the new user's full name, email address, and notes fields if they are added. The macro "[USERNAME]" can be used to represent the username of the user. The Default Authentication Method setting determines whether the user will authenticate using both the external authentication sources and MOVEit DMZ's internal database, or just the external sources. This value will default to External Only for newly created authentication sources. The Create User As Clone Of setting allows the administrator to select an existing user as a template for users created by this authentication source. When this setting is enabled, the selected user will be cloned to create the new user account. If JavaScript is enabled on the browser and one or more template users exist in the organization, only template users will be shown in the dropdown menu by default. The "Show All Users" link will cause all users to be listed again.
If you plan on cloning users with preconfigured expiration policies (such as "expire after 30 days of inactivity"), you must use a "template user" (i.e. a user with a status of "template" rather than "active" or "inactive"). Cloning a template user allows MOVEit DMZ to carry an expiration policy from user to user, but template users are not themselves affected by expiration policies.
Complete information about the optional RADIUS-ODBC authentication service can be found in the Advanced Topics - RADIUS-ODBC Authentication documentation.