Building the aaa authentication list – HP StorageWorks IP Storage Router User Manual

Configuring Authentication

153

IP Storage Router SR2122-2 User Guide

Building the AAA Authentication List

iSCSI authentication uses a list of defined AAA authentication services to
administer its security functions. The list that is created must be named default.

To build a list of AAA authentication services to be used for iSCSI authentication:

1. enable — Enter Administrator mode.

2. aaa authentication iscsi default local group radius

group tacacs+

— Create a list (named

default) of authentication

services. For example, build a list so that AAA first tries to perform
authentication using the local username database. If AAA fails to find a user
name match, an attempt is made to contact a RADIUS server. If no RADIUS
server is found, RADIUS returns an error and AAA tries to use a TACACS+
server. If no TACACS+ server is found, TACACS+ returns an error and AAA
authentication fails. If a RADIUS or TACACS+ server does not find a user
name and password match, authentication fails and no other methods are
attempted.

Note:

If local or local-case is the first service in the authentication list and a user name

match is not found, the next service in the list will be tried. If local or local-case is not

the first service, authentication fails if a user name match is not found. Authentication

always fails if a RADIUS or TACACS+ server fails to find a user name match.