Switched Rack PDU User Guide79
Configure the RADIUS Server
Summary of the configuration procedure
You must configure your RADIUS server to work with the Rack PDU.
For examples of the RADIUS users file with Vendor Specific Attributes (VSAs) and an example of an
entry in the dictionary file on the RADIUS server, see the Security Handbook.
1. Add the IP address of the Rack PDU to the RADIUS server client list (file).
2. Users must be configured with Service-Type attributes unless Vendor Specific Attributes (VSAs)
are defined. If no Service-Type attributes are configured, users will have read-only access (on the
Web interface only).
See your RADIUS server documentation for information about the RADIUS users file, and see
the Security Handbook for an example.
3. VSAs can be used instead of the Service-Type attributes provided by the RADIUS server. VSAs
require a dictionary entry and a RADIUS users file. In the dictionary file, define the names for
the ATTRIBUTE and VALUE keywords, but not for the numeric values. If you change numeric
values, RADIUS authentication and authorization will fail. VSAs take precedence over standard
RADIUS attributes.
Configuring a RADIUS server on UNIX
®
with shadow passwords
If UNIX shadow password files are used (/etc/passwd) with the RADIUS dictionary files, the following
two methods can be used to authenticate users:
• If all UNIX users have administrative privileges, add the following to the RADIUS “user” file. To
allow only Device Users, change the APC-Service-Type to
Device.
DEFAULT Auth-Type = System
APC-Service-Type = Admin
• Add user names and attributes to the RADIUS “user” file, and verify the password against /etc/
passwd. The following example is for users
bconners and thawk:
bconners Auth-Type = System
APC-Service-Type = Admin
thawk Auth-Type = System
APC-Service-Type = Device
Supported RADIUS servers
FreeRADIUS and Microsoft IAS 2003 are supported. Other commonly available RADIUS applications
may work but have not been fully tested.