User roles are specified in the Vendor Specific Attribute (VSA) of the Access-Accept response
from the server. The following table shows the syntax of the VSA based account role on the RA-
DIUS server.
Item
Size
(octets)
Value Description
Type 1 26 Attribute number for the Vendor Specif-
ic Attribute
Length 1 7 or more Attribute size (calculated by server)
Vendor-Id 4 211 Fujitsu Limited (SMI Private Enterprise
Code)
Vendor type 1 1 Eternus-Auth-Role
Vendor length 1 2 or more Attribute size described after Vendor
type (calculated by server)
Attribute-Specific 1 or more ASCII characters One or more assignable role names for
successfully authenticated users (*1)
*1: The server-side role names must be identical to the role names of the ETERNUS DX. Match
the letter case when entering the role names.
[Example] RoleName0
•
If RADIUS authentication fails when "Do not use Internal Authentication" has been selected for
"Authentication Error Recovery" on ETERNUS Web GUI, ETERNUS CLI, or SMI-S, logging on to
ETERNUS Web GUI or ETERNUS CLI will not be available.
When the setting to use Internal Authentication for errors caused by network problems is con-
figured, Internal Authentication is performed if RADIUS authentication fails on both primary
and secondary RADIUS servers, or at least one of these failures is due to network error.
•
So long as there is no RADIUS authentication response the
ETERNUS DX will keep retrying to
authenticate the user for the entire "Timeout" period set on the "Set RADIUS Authentication
(Initial)" menu. If authentication does not succeed before the "Timeout" period expires, RADIUS
Authentication is considered to be a failure.
•
When using RADIUS authentication, if the role that is received from the server is unknown (not
set) for the device, RADIUS authentication fails.
2. Basic Functions
User Access Management
73
Fujitsu Storage ETERNUS DX100 S4/DX200 S4, ETERNUS DX100 S3/DX200 S3 Hybrid Storage Systems
Design Guide (Basic)
Copyright 2023 Fujitsu Limited
P3AM-7642-32ENZ0
To Next Page
Loading...
