Filter
Top Products
UPS Network Management Card 2 User’s Guide52
RADIUS
Path: Administration > Security > Remote Users > RADIUS
Use this option to do the following:
• List the RADIUS servers (a maximum of two) available to the
NMC and the time-out period for each.
• Configure the authentication parameters for a new or existing RADIUS server by clicking a link.
Configuring the RADIUS Server
Summary of the configuration procedure
You must configure your RADIUS server to work with the NMC, see the steps below.
For examples of the RADIUS users file with Vendor Specific Attributes (VSAs) and an example of
an entry in the dictionary file on the RADIUS server, see the Security Handbook.
1. Add the IP address of the
NMC to the RADIUS server client list (file).
2. Users must be configured with Service-Type attributes unless Vendor Specific Attributes (VSAs) are
defined. If no Service-Type attributes are configured, users will have read-only access (on the user
interface only).
See your RADIUS server documentation for information about the RADIUS users file, and
see the Security Handbook for an example.
3. VSAs can be used instead of the Service-Type attributes provided by the RADIUS server.
VSAs require a dictionary entry and a RADIUS user’s file. In the dictionary file, define the names for
the ATTRIBUTE and VALUE keywords, but not for the numeric values. If you change numeric values,
RADIUS authentication and authorization will fail. VSAs take precedence over standard RADIUS
attributes.
Configuring a RADIUS server on UNIX
®
with shadow passwords
If UNIX shadow password files are used (/etc/passwd) with the RADIUS dictionary files, the following two
methods can be used to authenticate users:
• If all UNIX users have administrative privileges, add the following to the RADIUS “user” file. To
allow only Device Users, change the APC-Service-Type to
Device.
DEFAULT Auth-Type = System
RADIUS Setting Definition
RADIUS Server
The server name or IP address (IPv4 or IPv6).
Note: RADIUS servers use port 1812 by default to authenticate users. To use a
different port, add a colon followed by the new port number to the end of the RADIUS
server name or IP address.
Secret The shared secret between the RADIUS server and the NMC.
Timeout The time in seconds that the NMC waits for a response from the RADIUS server.
Test Settings
Enter the Administrator user name and password to test the RADIUS server path that
you have configured.
Skip Test and Apply Do not test the RADIUS server path.