EasyManua.ls Logo

EnerSys Alpha Cordex CXC HP - RADIUS Authentication

EnerSys Alpha Cordex CXC HP
279 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Cordex®CXCHPControllerSoftwareManual|20-Maintainingthecontroller
20.7.1. RADIUS authentication
RemoteAuthenticationDial-InUserService(RADIUS)isaclient/serverprotocolandsoftwarethat
enablesclientstocommunicatewithacentralservertoauthenticateandauthorizetheiraccesstothe
requestedsystemorservice.ThissectionofthemanualdescribesRADIUSAuthentication,itsfeatures,
andhowtosetupthecontrollerasaRADIUSclient.
Notice: See your RADIUS server documentation for information about setting up the RADIUS
server.
20.7.1.1. RADIUS authentication
TheCordex®CXCHPcontrollercanbeconfiguredtouseaRADIUSservertoremotelyauthenticate
users.Inthiscase,thecontrollerisactingasaRADIUSclient.ARADIUSserver,suchasFreeRADIUS,
mustbeconfiguredseparatelyforremoteauthenticationtoworkcorrectly.
Notice: See your RADIUS server documentation for information about setting up the RADIUS
server.
ThefollowingarefeaturesforusingRADIUSauthentication.
Encryption Protocol: ProvidesencryptedPasswordAuthenticationProtocol(PAP)orChallenge-
HandshakeAuthenticationProtocol(CHAP).
Encrypted RADIUS Shared Secret: Providesasecurelyencrypted,sharedsecretauthentication
ontheRADIUSserver.
Test RADIUS Server Settings: ProvidesanauthenticationrequesttotesttheRADIUSserver
settings.
Network: OperatesontheUserDatagramProtocol(UDP).
How RADIUS Authentication Works
WhentheRemote Authentication Type fieldissettoRADIUS (TACACS+ is disabled) onthecontroller,
theusercredentialsareencrypted,andanauthenticationrequestissenttotheRADIUSServer.When
theRemote Authentication Type fieldissettoNone (RADIUS and TACACS+ are disabled),onlylocal
useraccountscanlogin.
Bydefault,thecontrollerexpectstheRADIUSservertoreturntheuser'sauthenticationusingGroup
Attribute ID 11(Filter-Id).WhenaRADIUSresponseisreceivedfromtheRADIUSserver,thevalueof
attribute"Filter-Id"containsastringGroup Attribute Value thatdefinestheuserrole.Thecontrolleruses
theUserRoleConfigurationtabletomatchthestringreceivedfromtheRADIUSservertoauthenticate
theuser.Iftheuser’sGroup Attribute Value matchesoneoftheassigneduserroles,thematchinguser
privilegeisgranted.Forexample,ifthereceivedFilter-IDattributehasavalue"operator",theuserhas
"OperatorUserRole".Iftherearenomatch,theuserisdeniedaccess.Uponasuccessfullogin,the
encryptedusercredentialsaresavedinthecontrollerscache.Thiscanbeusedifthereisasituation
wheretheRADIUSServerisunavailable.
0350058-J0 Rev AL Page 215

Table of Contents

Other manuals for EnerSys Alpha Cordex CXC HP

Preview: Integrator Guide
Integrator Guide48 pages