User roles are specified in the Vendor Specific Attribute (VSA) of the Access-Accept response from the server.
The following table shows the syntax of the VSA-based account role on the RADIUS server.
| Item | Size (octets) | Value | Description |
|---|---|---|---|
| Type | 1 | 26 | Attribute number for the Vendor Specific Attribute |
| Length | 1 | 7 or more | Attribute size (calculated by server) |
| Vendor-Id | 4 | 211 | Fujitsu Limited (SMI Private Enterprise Code) |
| Vendor type | 1 | 1 | Eternus-Auth-Role |
| Vendor length | 1 | 2 or more | Attribute size described after Vendor type (calculated by server) |
| Attribute-Specific | 1 or more | ASCII characters | One or more assignable role names for successfully authenticated users (*1) |

*1: The server-side role names must be identical to the role names of the ETERNUS AF. Match the letter case when entering the role names.
[Example] RoleName0
• If RADIUS authentication fails when "Do not use Internal Authentication" has been selected for "Authentication Error Recovery" on ETERNUS Web GUI, ETERNUS CLI, or SMI-S, logging on to ETERNUS Web GUI or ETERNUS CLI will not be available.
  When the setting to use Internal Authentication for errors caused by network problems is configured, Internal Authentication is performed if RADIUS authentication fails on both primary and secondary RADIUS servers, or at least one of these failures is due to network error.
• So long as there is no RADIUS authentication response the ETERNUS AF will keep retrying to authenticate the user for the entire "Timeout" period set on the "Set RADIUS Authentication (Initial)" menu. If authentication does not succeed before the "Timeout" period expires, RADIUS Authentication is considered to be a failure.
• When using RADIUS authentication, if the role that is received from the server is unknown (not set) for the device, RADIUS authentication fails.
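The VSA layout from the table and the case-sensitive role check, as an added Python example that is not taken from this guide: it encodes the Eternus-Auth-Role attribute, extracts it from a run of Access-Accept attributes with length validation, and matches the role exactly. Assumptions: Vendor length counts the Vendor type and Vendor length octets themselves (the RFC 2865 convention), the value is treated as a single role name, and the function names and sample bytes are constructed for illustration.

```python
import struct

VSA_TYPE = 26             # Type: Vendor Specific Attribute
FUJITSU_VENDOR_ID = 211   # Vendor-Id: Fujitsu Limited
ETERNUS_AUTH_ROLE = 1     # Vendor type: Eternus-Auth-Role

def encode_role_vsa(role: str) -> bytes:
    """Build the VSA a RADIUS server would place in Access-Accept."""
    value = role.encode("ascii")
    if not value:
        raise ValueError("role name needs at least one ASCII character")
    vendor_len = 2 + len(value)   # assumption: Vendor type + Vendor length + value
    length = 6 + vendor_len       # Type + Length + Vendor-Id + vendor sub-attribute
    if length > 255:
        raise ValueError("role name does not fit in one attribute")
    header = struct.pack("!BBIBB", VSA_TYPE, length, FUJITSU_VENDOR_ID,
                         ETERNUS_AUTH_ROLE, vendor_len)
    return header + value

def extract_role_values(attrs: bytes) -> list[str]:
    """Walk the attribute TLVs and return every Eternus-Auth-Role value."""
    roles, pos = [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VSA_TYPE:
            continue                      # not a VSA, skip it
        if a_len < 7:
            raise ValueError("VSA shorter than 7 octets")
        vendor_id, v_type = struct.unpack("!IB", body[:5])
        if vendor_id != FUJITSU_VENDOR_ID or v_type != ETERNUS_AUTH_ROLE:
            continue                      # another vendor's attribute
        if len(body) < 6 or body[5] < 2 or body[5] != len(body) - 4:
            raise ValueError("bad Vendor length")
        roles.append(body[6:].decode("ascii"))
    return roles

def role_is_known(role: str, device_roles: set[str]) -> bool:
    """Exact, case-sensitive match against the roles defined on the device."""
    return role in device_roles

# Constructed sample: Reply-Message (type 18) followed by the role VSA.
SAMPLE_ATTRS = bytes([18, 4]) + b"ok" + encode_role_vsa("RoleName0")
```

A role that differs only in letter case (for example `rolename0`) fails `role_is_known`, which corresponds to the authentication failure described for an unknown role.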
1. Function
User Access Management
FUJITSU Storage ETERNUS AF250 S2, ETERNUS AF250 All-Flash Arrays
Design Guide (Basic)
Copyright 2019 FUJITSU LIMITED
P3AG-1822-09ENZ0