Authentication for ssh users by an ldap server, Verifying the configuration, Network requirements – H3C Technologies H3C S12500-X Series Switches User Manual

# Create a RADIUS scheme.

[Switch] radius scheme rad

# Specify the primary authentication server.

[Switch-radius-rad] primary authentication 10.1.1.1 1812

# Set the shared key for secure communication with the server to expert in plain text.

[Switch-radius-rad] key authentication simple expert

# Include the domain names in usernames sent to the RADIUS server.

[Switch-radius-rad] user-name-format with-domain

[Switch-radius-rad] quit

# Create ISP domain bbb and configure authentication, authorization, and accounting methods for login users.

[Switch] domain bbb

[Switch-isp-bbb] authentication login radius-scheme rad

[Switch-isp-bbb] authorization login radius-scheme rad

[Switch-isp-bbb] accounting login none

[Switch-isp-bbb] quit
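The following is an added example, not part of the H3C manual: a small Python check that reads the command transcript above and reports the two settings a reviewer would want to note, the shared key entered with `simple` and `accounting login none`, and also confirms that every `radius-scheme` reference names a scheme that was created. The function name `audit`, the finding texts, and the rule set are assumptions made for illustration.

```python
import re

# Constructed sample: the command transcript from this section.
SAMPLE = """\
[Switch] radius scheme rad
[Switch-radius-rad] primary authentication 10.1.1.1 1812
[Switch-radius-rad] key authentication simple expert
[Switch-radius-rad] user-name-format with-domain
[Switch-radius-rad] quit
[Switch] domain bbb
[Switch-isp-bbb] authentication login radius-scheme rad
[Switch-isp-bbb] authorization login radius-scheme rad
[Switch-isp-bbb] accounting login none
[Switch-isp-bbb] quit
"""

# A transcript line is "[view] command"; "# ..." lines are comments.
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")

def audit(transcript):
    """Return (view, finding) tuples for a Comware-style command transcript."""
    findings, schemes, refs = [], set(), []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # skip comments and blank lines
        view, words = m["view"], m["cmd"].split()
        if words[:2] == ["radius", "scheme"] and len(words) == 3:
            schemes.add(words[2])  # scheme created in system view
        elif words[:3] == ["key", "authentication", "simple"]:
            findings.append((view, "shared key entered in plain text"))
        elif words[:1] == ["accounting"] and words[-1] == "none":
            findings.append((view, "accounting disabled for " + words[1] + " users"))
        elif "radius-scheme" in words[:-1]:
            refs.append((view, words[words.index("radius-scheme") + 1]))
    # Report domain methods that point at a scheme never created.
    for view, name in refs:
        if name not in schemes:
            findings.append((view, "undefined RADIUS scheme " + name))
    return findings

if __name__ == "__main__":
    for view, finding in audit(SAMPLE):
        print(view + ": " + finding)
```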

Verifying the configuration

When the user initiates an SSH connection to the switch and enters the username hello@bbb and the correct password, the user successfully logs in and can use the commands for the network-operator user role.

Authentication for SSH users by an LDAP server

Network requirements

As shown in Figure 16, an LDAP server is at the IP address 10.1.1.1/24 and uses the domain name ldap.com.

Configure the switch to use the LDAP server to authenticate SSH users, and to assign the default user role network-operator to SSH users after they pass authentication. On the LDAP server, set the administrator password to admin!123456, add user aaa, and set the user's password to ldap!123456.

Figure 16 Network diagram
