APC AP9631 Network Card User Manual


 
UPS Network Management Card 2 User’s Guide
Configuring the RADIUS Server
Summary of the configuration procedure
You must configure your RADIUS server to work with the Management Card.
For examples of the RADIUS users file with Vendor Specific Attributes (VSAs) and an
example of an entry in the dictionary file on the RADIUS server, see the APC Security
Handbook.
1. Add the IP address of the Management Card to the RADIUS server client list (file).
2. Users must be configured with Service-Type attributes unless Vendor Specific Attributes (VSAs)
are defined. If no Service-Type attributes are configured, users will have read-only access (on the
Web interface only).
See your RADIUS server documentation for information about the RADIUS users
file, and see the APC Security Handbook for an example.
3. VSAs can be used instead of the Service-Type attributes provided by the RADIUS server. VSAs
require a dictionary entry and a RADIUS users file. In the dictionary file, define the names for
the ATTRIBUTE and VALUE keywords, but not for the numeric values. If you change numeric
values, RADIUS authentication and authorization will fail. VSAs take precedence over standard
RADIUS attributes.
Configuring a RADIUS server on UNIX® with shadow passwords
If UNIX shadow password files are used (/etc/passwd) with the RADIUS dictionary files, the following
two methods can be used to authenticate users:
If all UNIX users have administrative privileges, add the following to the RADIUS “user” file. To
allow only Device Users, change the APC-Service-Type to Device.
DEFAULT Auth-Type = System
    APC-Service-Type = Admin
Add user names and attributes to the RADIUS “user” file, and verify the password against
/etc/passwd. The following example is for users bconners and thawk:
bconners Auth-Type = System
    APC-Service-Type = Admin
thawk Auth-Type = System
    APC-Service-Type = Device
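An added example (not from the APC guide): a small Python audit of a RADIUS users file that applies the rules in the configuration procedure and the entries above. The VSA APC-Service-Type takes precedence over Service-Type, and an entry with neither falls back to read-only access. The parser, the function names and the sample file (including the user jdoe) are constructed for illustration and assume the users-file layout shown above.

```python
import re

# Constructed sample in the users-file layout shown above (not from a real server).
SAMPLE_USERS = """\
bconners Auth-Type = System
    APC-Service-Type = Admin
thawk Auth-Type = System
    APC-Service-Type = Device,
    Service-Type = Administrative-User
jdoe Auth-Type = System
DEFAULT Auth-Type = System
    APC-Service-Type = Admin
"""

PAIR = re.compile(r'([\w-]+)\s*[:+]?=+\s*"?([^,"]+?)"?\s*(?:,|$)')

def parse_users(text):
    """Return [(name, reply_attrs)]; reply_attrs come from the indented lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":                      # indented: reply item(s)
            if entries:
                entries[-1][1].update(PAIR.findall(line.strip()))
        else:                                     # new entry: name + check items
            entries.append((line.split()[0], {}))
    return entries

def audit(text):
    """Map each entry to (access level, source) using the precedence rules."""
    report = {}
    for name, reply in parse_users(text):
        if "APC-Service-Type" in reply:           # VSA wins over standard attribute
            report[name] = (reply["APC-Service-Type"], "VSA")
        elif "Service-Type" in reply:
            report[name] = (reply["Service-Type"], "Service-Type")
        else:                                     # neither: read-only, Web only
            report[name] = ("read-only", "fallback")
    return report

def default_admin(report):
    """True when a DEFAULT entry gives Admin to every account that authenticates."""
    return report.get("DEFAULT", ("", ""))[0].lower() == "admin"

if __name__ == "__main__":
    for user, (level, source) in audit(SAMPLE_USERS).items():
        print(f"{user:10} {level:12} ({source})")
    print("DEFAULT grants Admin:", default_admin(audit(SAMPLE_USERS)))
```

A DEFAULT entry that grants Admin is worth flagging in review, since it gives administrative access to every system account rather than to named users.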
Supported RADIUS servers
APC supports FreeRADIUS and Microsoft IAS 2003. Other commonly available RADIUS applications
may work but have not been fully tested by APC.