Required radius server settings, Setting up a radius server – HP 1.10GB Virtual Connect Ethernet Module for c-Class BladeSystem User Manual
Virtual Connect users and roles
Required RADIUS server settings
The following RADIUS server settings must be configured on VC to enable RADIUS-based authentication:
• Enable or disable flag
• RADIUS server IP address
• UDP port number—the default (well-known) value for RADIUS authentication is 1812.
• Shared secret key—this is a plaintext key that must be configured both on VC and on the server. Both keys should match. The length of the secret key can vary from 1 to 128 characters.
• Timeout—the time in seconds by which a server response needs to be received before any retry for a new request is made. The valid range of values is from 1 to 65535 seconds.
IMPORTANT: If the same username is used in multiple groups, the HP-VC-Groups attribute must be the last attribute that is defined.
Setting up a RADIUS server
The following procedure provides an example of setting up a RADIUS server on an external host running Linux:
1. Download and install the latest version of the open-source FreeRadius server from the FreeRadius website.
2. Add the user entry to the file freeradius-server-2.1.9/raddb/users:
   <username> Cleartext-Password := "<password>"
       Service-Type = Login-User,
       HP-VC-groups = <group(s)>
   o "Cleartext-Password" is used to define the password.
   o "Service-Type" must always be set to "Login-User".
   o "HP-VC-Groups" is an HP-specific attribute used to define the group(s) that a user belongs to.
   Be sure that the username does not conflict with any of the local user accounts configured on the RADIUS server host. Otherwise, the RADIUS server will use UNIX-based authentication to look up the local /etc/passwd file. The server will not look up freeradius-server-2.1.9/raddb/users.
3. Add the client entry to the file freeradius-server-2.1.9/raddb/clients.conf:
   client <client-name> {
       ipaddr = <VC IP address>
       secret = <shared secret>
       require_message_authenticator = no
       nastype = other
   }
   The RADIUS server ignores authentication requests from an unknown client. Therefore, if the client entry is absent, the server ignores requests from that client and does not send a reject response.
4. Add the following to the dictionary file /usr/local/share/freeradius/dictionary.hp for HP:
   ATTRIBUTE HP-VC-groups 192 string
The RADIUS server logs are available in the logfile /usr/local/var/log/radius/radius.log.
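As an added example (not from the HP manual or the FreeRADIUS project), the following Python checks a users file and clients.conf against the requirements stated above: Service-Type set to Login-User, HP-VC-groups present and last, no username shared with a local account, and a client entry for the VC address with a secret of 1 to 128 characters. It assumes the simple entry layout shown in steps 2 and 3, with unquoted secrets and only VC user entries in the users file; the function names, sample users, group name and the 192.0.2.10 address are constructed for illustration.

```python
import re

def parse_users(text):
    entries, current = {}, None        # username -> reply attributes, in file order
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():      # unindented line opens a user entry
            current = line.split()[0]
            entries[current] = []
        elif current is not None:      # indented lines carry reply attributes
            m = re.match(r"\s*([\w-]+)\s*[:+]?=\s*(.*?)\s*,?\s*$", line)
            if m:                      # names lowercased: the page spells the attribute two ways
                entries[current].append((m.group(1).lower(), m.group(2).strip('"')))
    return entries

def check_users(users_text, local_accounts):
    findings = []
    for user, attrs in parse_users(users_text).items():
        names = [name for name, _ in attrs]
        if user in local_accounts:     # server would consult /etc/passwd instead
            findings.append(f"{user}: conflicts with a local account")
        if ("service-type", "Login-User") not in attrs:
            findings.append(f"{user}: Service-Type must be Login-User")
        if "hp-vc-groups" not in names:
            findings.append(f"{user}: HP-VC-groups missing")
        elif names[-1] != "hp-vc-groups":  # enforced for every user, stricter than the note
            findings.append(f"{user}: HP-VC-groups must be last")
    return findings

def check_client(clients_text, vc_ip):
    for body in re.findall(r"client\s+\S+\s*\{([^}]*)\}", clients_text):
        kv = dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)", body, re.M))
        if kv.get("ipaddr") == vc_ip:
            n = len(kv.get("secret", ""))
            return [] if 1 <= n <= 128 else [f"{vc_ip}: secret length {n} not in 1-128"]
    return [f"{vc_ip}: no client entry, requests are silently ignored"]

# Constructed sample files (not from the manual); all names and values are placeholders.
USERS = '''vcadmin Cleartext-Password := "example-only"
    Service-Type = Login-User,
    HP-VC-groups = "ExampleGroup"
root Cleartext-Password := "example-only"
    HP-VC-groups = "ExampleGroup",
    Service-Type = Framed-User
'''
CLIENTS = "client vc-module {\n    ipaddr = 192.0.2.10\n    secret = example-shared-secret\n}\n"
print(check_users(USERS, {"root", "daemon"}) + check_client(CLIENTS, "192.0.2.10"))
```

In practice, `local_accounts` would be the set of login names read from /etc/passwd on the RADIUS host.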