Dell 6200 SERIES Computer Accessories User Manual


 
118 Device Security
attributes containing configuration information. If the server rejects the user, it returns a negative result.
If the server rejects the client or the shared “secrets” differ, the server returns no result. If the server
requires additional verification from the user, it returns a challenge, and the request process begins again.
If you use a RADIUS server to authenticate users, you must configure user attributes in the user database
on the RADIUS server. The user attributes include the user name, password, and privilege level.
NOTE: To set the privilege level, use the Service-Type attribute. Do not use any vendor-specific attribute
value pairs.
The following example shows an entry in the FreeRADIUS /etc/raddb/users file that allows a
user (name: admin) to log onto the switch with read/write privileges, which is equivalent to privilege level
15.
admin   Auth-Type := Local, User-Password == "pass1234"
        Service-Type = NAS-Prompt-User
enable  Auth-Type := Local, User-Password == "pass5678"
        Service-Type = Administrative-User
The values for the Service-Type attribute are as follows:
NAS-Prompt-User indicates the user should be provided a command prompt on the NAS, from
which nonprivileged commands can be executed.
Administrative-User indicates the user should be granted access to the administrative
interface to the NAS, from which privileged commands can be executed.
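The following added example (not part of the Dell manual or of FreeRADIUS) parses entries in the users-file layout shown above and reports the access each entry's Service-Type grants, noting entries that carry other reply attributes instead. The sample entries are constructed; the oper user and the Vendor-Priv-Level attribute are hypothetical.

```python
import re

# Service-Type values listed on this page and the access each one grants.
SERVICE_TYPES = {"NAS-Prompt-User": "nonprivileged",
                 "Administrative-User": "privileged"}

# Constructed sample: check items on the entry's first line, reply items on
# the indented lines below it. "oper" and Vendor-Priv-Level are hypothetical.
SAMPLE = '''\
admin   Auth-Type := Local, User-Password == "pass1234"
        Service-Type = NAS-Prompt-User
enable  Auth-Type := Local, User-Password == "pass5678"
        Service-Type = Administrative-User
oper    Auth-Type := Local, User-Password == "example"
        Vendor-Priv-Level = 15
'''

ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|=)\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return {user: {"check": {...}, "reply": {...}}} from users-file text."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():               # indented line: reply items
            items = current["reply"] if current else {}
        else:                               # user name, then check items
            name, *rest = line.split(None, 1)
            current = entries.setdefault(name, {"check": {}, "reply": {}})
            items, line = current["check"], "".join(rest)
        for attr, _op, value in ITEM.findall(line):
            items[attr] = value.strip('"')
    return entries

def audit(entries):
    """Return {user: finding} for the access each entry's reply items grant."""
    findings = {}
    for user, entry in entries.items():
        stype = entry["reply"].get("Service-Type")
        extra = sorted(set(entry["reply"]) - {"Service-Type"})
        if stype is None:
            finding = "no Service-Type reply item"
        else:
            finding = SERVICE_TYPES.get(stype, f"undocumented Service-Type {stype}")
        if extra:
            finding += "; other reply items: " + ", ".join(extra)
        findings[user] = finding
    return findings
```

Calling audit(parse_users(SAMPLE)) gives one finding per user name, which makes it easy to review which accounts receive Administrative-User before the file is deployed.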
RADIUS Configuration Examples
This section contains examples of commands used to configure RADIUS settings on the switch.
Example #1: Basic RADIUS Server Configuration
This example configures two RADIUS servers at 10.10.10.10 and 11.11.11.11. Each server has a unique
shared secret key. The shared secrets are configured to be secret1 and secret2 respectively. The server at
10.10.10.10 is configured as the primary server. The process creates a new authentication list, called
radiusList, which uses RADIUS as the primary authentication method, and local authentication as a
backup method in the event that the RADIUS server cannot be contacted.