Securing imc access, Through authentication services – H3C Technologies H3C Intelligent Management Center User Manual
Page 173
159
WARNING:
An operator group cannot be deleted while members of the group are online. All members of a group
must be logged off before any changes to the Operator Group can be completed. For more information
about logging operators off, see "
Managing online IMC operator access
."
Securing IMC access through authentication services
To further secure access to IMC and to support unified username and password management, IMC
supports the use of login authentication services for both RADIUS and LDAP.
Configuring IMC to use RADIUS authentication services
Only administrators or operators who are members of a group with the ADMIN privilege level can
configure RADIUS authentication services. To configure RADIUS authentication:
1.
Navigate to System > Authentication Server.
a.
Click the System tab from the tabular navigation system on the top.
b.
Click Operator Management on the navigation tree on the left.
c.
Click
Authentication Server under Operator Management from the navigation system on
the left.
The Authentication Server configuration page appears.
2.
Enter the following information in RADIUS Server portion of the Authentication Server page:
•
Authentication Type: Select the RADIUS authentication type, PAP or CHAP from the list under
RADIUS Server. This choice must match the authentication type configured on the RADIUS server.
•
Primary Server: Enter the IP address or host name of the primary RADIUS Server.
•
Secondary Server: Enter the IP address or host name of the secondary RADIUS Server.
•
Authentication Port: Enter the port number used by the RADIUS server for authentication in the field.
The default port number is 1812.
•
Shared Secret: Enter the shared secret for authentication packets. What is configured here must
match what is configured on the RADIUS server.
3.
Click OK to confirm the RADIUS service authentication configuration.
Modifying RADIUS authentication service configuration
To modify an existing RADIUS configuration:
1.
Navigate to System > Authentication Server.
a.
Click the System tab from the tabular navigation system on the top.
b.
Click Operator Management on the navigation tree on the left.
c.
Click
Authentication Server under Operator Management from the navigation system on
the left.
The Authentication Server configuration page appears.
2.
Enter the following information in the Authentication Server page:
•
Authentication Type: Modify the RADIUS authentication type, PAP or CHAP from the list under
RADIUS Server. This choice must match the authentication type configured on the RADIUS server.
•
Primary Server: Modify the IP address or host name of the primary RADIUS Server.
•
Secondary Server: Modify the IP address or host name of the secondary RADIUS Server.