Dell POWEREDGE M1000E User Manual
Page 177
Controlling Management Access
Figure 9-2. RADIUS Topology
The server can authenticate the user itself or make use of a back-end device to
ascertain authenticity. In either case a response may or may not be
forthcoming to the client. If the server accepts the user, it returns a positive
result with attributes containing configuration information. If the server
rejects the user, it returns a negative result. If the server rejects the client or
the shared secrets differ, the server returns no result. If the server requires
additional verification from the user, it returns a challenge, and the request
process begins again.
If you use a RADIUS server to authenticate users, you must configure user
attributes in the user database on the RADIUS server. The user attributes
include the user name, password, and privilege level.
The following example shows an entry in the FreeRADIUS /etc/raddb/users
file that allows a user (name: admin) to log onto the switch with read/write
privileges, which is equivalent to privilege level 15.
admin   Auth-Type := Local, User-Password == "pass1234"
        Service-Type = NAS-Prompt-User
NOTE: To set the privilege level, use the Service-Type attribute. Do not
use any vendor-specific attribute value pairs.
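The outcomes described above (accept, reject, challenge, no usable result) and the Service-Type reply attribute can be seen from the client side in the following sketch. It is an added example, not code from the Dell manual or from FreeRADIUS; it follows the RFC 2865 packet layout, and the function names, shared secret, identifier and request authenticator are constructed for illustration.

```python
import hashlib
import hmac
import struct

# RFC 2865 packet codes and the Service-Type attribute that carries the privilege level.
CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
SERVICE_TYPE = 6
SERVICE_TYPE_NAMES = {6: "Administrative-User", 7: "NAS-Prompt-User"}

def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), per RFC 2865."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    """Server side: assemble a reply packet (used here only to make sample input)."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def classify_reply(packet, ident, request_auth, secret):
    """Client side: return (result, service_type), or ("discard", None)."""
    if len(packet) < 20:
        return "discard", None
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or code not in CODES or not 20 <= length <= len(packet):
        return "discard", None
    attrs = packet[20:length]
    expected = response_authenticator(code, rid, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return "discard", None          # shared secrets differ, or reply was forged
    service, pos = None, 0
    while pos < len(attrs):             # walk the type-length-value attributes
        atype = attrs[pos]
        alen = attrs[pos + 1] if pos + 1 < len(attrs) else 0
        if alen < 2 or pos + alen > len(attrs):
            return "discard", None      # malformed attribute
        if atype == SERVICE_TYPE and alen == 6:
            value = struct.unpack("!I", attrs[pos + 2:pos + 6])[0]
            service = SERVICE_TYPE_NAMES.get(value, str(value))
        pos += alen
    return CODES[code], service

# Constructed sample data (not from the manual): secret, request authenticator, ID.
SECRET, REQ_AUTH, IDENT = b"example-secret", bytes(range(16)), 42
NAS_PROMPT = struct.pack("!BBI", SERVICE_TYPE, 6, 7)   # Service-Type = NAS-Prompt-User
ACCEPT = build_reply(2, IDENT, NAS_PROMPT, REQ_AUTH, SECRET)
REJECT = build_reply(3, IDENT, b"", REQ_AUTH, SECRET)
```

A reply that fails the authenticator check is treated the same as no reply, so a shared-secret mismatch appears on the client as a timeout rather than a rejection.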
[Figure 9-2 labels: Management Host, Primary RADIUS Server, Backup RADIUS Server, Management Network, PowerConnect Switch]