Required radius server settings, Setting up a radius server – HP Virtual Connect 8Gb 24-port Fibre Channel Module for c-Class BladeSystem User Manual

Page 72

Advertising
background image

Virtual Connect users and roles 72

Required RADIUS server settings

The following RADIUS server settings must be configured on VC to enable RADIUS-based authentication:

Enable or disable flag

RADIUS server IP address

UDP port number—the default (well-known) value for RADIUS authentication is 1812.

Shared secret key—this is a plaintext key that must be configured both on VC and on the server. Both

keys should match. The length of the secret key can vary from 1 to 128 characters.

Timeout—the time in seconds by which a server response needs to be received before any retry for a

new request is made. The valid range of values is from 1 to 65535 seconds.

IMPORTANT:

If the same username is used in multiple groups, the HP-VC-Groups attribute must

be the last attribute that is defined.

Setting up a RADIUS server

The following procedure provides an example of setting up a RADIUS server on an external host running

Linux:

1.

Download and install the latest version of the open-source FreeRadius server from the FreeRadius
website (

http://freeradius.org/download.html

).

2.

Add the user entry to the file freeradius-server-2.1.9/raddb/users:

<username> Cleartext-Password := "<password>"
Service-Type = Login-User,
HP-VC-groups = <groupname>

o

"Cleartext-Password" is used to define the password.

o

"Service-Type" must be always set to "Login-User".

o

"HP-VC-Groups" is a HP-specific attribute used to define the group(s) that a user belongs to.

Be sure that the username does not conflict with any of the local user accounts configured on the RADIUS

server host. Otherwise, the RADIUS server will use UNIX-based authentication to look up the local
/etc/passwd file. The server will not look up freeradius-server-2.1.9/raddb/users.

3.

Add the client entry to the file freeradius-server-2.1.9/raddb/clients.conf:

client <hostname/IP> {
ipaddr = <IP address>
secret = <plain-text secret>
require_message_authenticator = no
nastype = other
}

The RADIUS server ignores authentication requests from an unknown client. Therefore, if the client entry
is absent, the server ignores it. The server does not send a reject response.

4.

Add the following to the dictionary file /usr/local/share/freeradius/dictionary.hp for

HP:

ATTRIBUTE HP-VC-groups 192 string HP

The RADIUS server logs are available in the logfile /usr/local/var/log/radius/radius.log.

Advertising
This manual is related to the following products:

Virtual Connect Flex-10 10Gb Ethernet Module for c-Class BladeSystem, Virtual Connect 8Gb 20-port Fibre Channel Module for c-Class BladeSystem, Virtual Connect 4Gb Fibre Channel Module for c-Class BladeSystem, Virtual Connect Flex-10.10D Module for c-Class BladeSystem, Virtual Connect FlexFabric 10Gb24-port Module for c-Class BladeSystem, 4GB Virtual Connect Fibre Channel Module for c-Class BladeSystem

Popular Brands
Popular manuals