
Verifying the configuration, Authentication for ssh users by an ldap server, Network requirements – H3C Technologies H3C S6300 Series Switches User Manual


# Create a RADIUS scheme.

[Switch] radius scheme rad

# Specify the primary authentication server.

[Switch-radius-rad] primary authentication 10.1.1.1 1812

# Set the shared key for secure communication with the server to expert in plain text.

[Switch-radius-rad] key authentication simple expert

# Include the domain names in usernames sent to the RADIUS server.

[Switch-radius-rad] user-name-format with-domain

[Switch-radius-rad] quit

# Create ISP domain bbb and configure authentication, authorization, and accounting methods for login users.

[Switch] domain bbb

[Switch-isp-bbb] authentication login radius-scheme rad

[Switch-isp-bbb] authorization login radius-scheme rad

[Switch-isp-bbb] accounting login none

[Switch-isp-bbb] quit

Verifying the configuration

# Initiate an SSH connection to the switch, and enter the username hello@bbb and the correct password.

The user logs in to the switch. (Details not shown.)

# Verify that the user can use the commands permitted by the network-operator user role. (Details not shown.)
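An offline review of the RADIUS configuration above, as an added example that is not part of the H3C manual: it parses a saved transcript of the session, checks that every RADIUS scheme an ISP domain references is defined, and reports the settings a reviewer would want to see before reuse. The finding names, and the judgment that a key visible in the transcript, a key copied from the manual, and disabled login accounting deserve review, are assumptions of this example.

```python
import re

# Constructed input: the CLI session from this page as a saved transcript.
SAMPLE = """\
[Switch] radius scheme rad
[Switch-radius-rad] primary authentication 10.1.1.1 1812
[Switch-radius-rad] key authentication simple expert
[Switch-radius-rad] user-name-format with-domain
[Switch-radius-rad] quit
[Switch] domain bbb
[Switch-isp-bbb] authentication login radius-scheme rad
[Switch-isp-bbb] authorization login radius-scheme rad
[Switch-isp-bbb] accounting login none
[Switch-isp-bbb] quit
"""
DOC_SAMPLE_SECRETS = {"expert", "admin!123456", "ldap!123456"}  # values printed in this manual
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")

def parse(transcript):
    """Group commands by the view named in the prompt, e.g. 'Switch-radius-rad'."""
    views = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m and m["cmd"] != "quit":
            views.setdefault(m["view"], []).append(m["cmd"].split())
    return views

def audit(transcript):
    """Return (finding, location) tuples; finding names are this example's own labels."""
    views = parse(transcript)
    schemes = {v.split("-radius-", 1)[1]: c for v, c in views.items() if "-radius-" in v}
    domains = {v.split("-isp-", 1)[1]: c for v, c in views.items() if "-isp-" in v}
    findings = []
    for name, cmds in schemes.items():
        for c in cmds:
            if c[:3] == ["key", "authentication", "simple"] and len(c) == 4:
                findings.append(("key-visible-in-transcript", f"radius scheme {name}"))
                if c[3] in DOC_SAMPLE_SECRETS:
                    findings.append(("documentation-sample-key", f"radius scheme {name}"))
    for name, cmds in domains.items():
        for c in cmds:
            if len(c) == 4 and c[1:3] == ["login", "radius-scheme"] and c[3] not in schemes:
                findings.append(("undefined-radius-scheme", f"domain {name}: {c[3]}"))
            if c == ["accounting", "login", "none"]:
                findings.append(("login-accounting-disabled", f"domain {name}"))
    return findings

if __name__ == "__main__":
    for finding, where in audit(SAMPLE):
        print(f"{finding}: {where}")
```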

Authentication for SSH users by an LDAP server

Network requirements

As shown in Figure 15, an LDAP server is located at 10.1.1.1/24 and uses the domain name ldap.com.

Configure the switch to meet the following requirements:

Use the LDAP server to authenticate SSH users.

Assign the default user role network-operator to SSH users after they pass authentication.

On the LDAP server, set the administrator password to admin!123456, add user aaa, and set the user's password to ldap!123456.

Figure 15 Network diagram