Overview
You can obtain and configure one or more RADIUS servers to perform user authentication and authorization on the DSC Platform (see DSC User Profiles and Privileges and RADIUS). This chapter describes how to configure the DSC Platform and the RADIUS server connection to allow this process.
Perform the tasks in the same order as they are presented in this section.
Before you start
The following are the prerequisites for setting up the process:
- the RADIUS server or servers are available and are configured for use as required
- the DSC Platform is installed and configured
- an IP connection is established between the RADIUS server and the DSC Platform
The examples in this appendix use FreeRADIUS, available at freeradius.org. If you require help with performing the tasks described in the appendix, contact Customer Support.
Uploading the dictionary.pt File to the RADIUS Server
The RADIUS server parameters specific to a DSC Platform are defined in the dictionary.pt file (/opt/cpu.ss7gw/current/mibs). The file has to be copied into the directory /root/install_directory/share/freeradius on the RADIUS server. The name of the file has to be included in the file “dictionary” in the same directory.
For reference, the following is the content of the DSC Platform dictionary file (Example):
# Place it in "/usr/local/share/freeradius/" and include it in the
# "/usr/local/share/freeradius/dictionary" file to add support for
# DSC SWe's attributes to your FreeRADIUS server.
#
VENDOR pt 1556
BEGIN-VENDOR pt
ATTRIBUTE PT-RAD-Version 1 integer
ATTRIBUTE PT-UPP-Profile 2 integer
VALUE PT-UPP-Profile PT-UPP-SS7-Admin 0
VALUE PT-UPP-Profile PT-UPP-Monitor 1
VALUE PT-UPP-Profile PT-UPP-SCCP-Operator 2
VALUE PT-UPP-Profile PT-UPP-MTP-Operator 3
END-VENDOR pt
Adding Users to the RADIUS Server
The user names and passwords for DSC Platform users have to be entered in a users file as required. This file is located in the /root/install_directory/etc/raddb directory.
The following is an example entry of a user file for user “test” (applicable for DSC Platform Release 14.4.0) that includes the two DSC Platform-specific parameters.
test Cleartext-Password := "radiustest"
    PT-RAD-Version = "0",
    PT-UPP-Profile = "PT-UPP-Monitor"
where
- “radiustest” is the user’s password
- PT-RAD-Version is the protocol version between the RADIUS server and the DSC Platform
- "PT-UPP-Monitor" is the user profile as defined in the dictionary.pt file
Adding the Clients File to the RADIUS Server
The DSC Platforms that are connected to the RADIUS server must be defined in the clients.conf file so that the server can identify the Ribbon DSC(s) as clients. This file is located in the /root/install_directory/etc/raddb directory.
The following is an example of a clients.conf file where the DSC Platform clients are lab117 and lab116.
client lab117 {
    ipaddr = 10.91.0.117
    secret = secretcode
    nastype = cisco
}
client lab116 {
    ipaddr = 10.91.0.116
    secret = secretcode
    nastype = other
}
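The sample above gives both clients the same short secret. The following audit sketch is an added example, not part of the product documentation or of FreeRADIUS: it parses flat client blocks and reports short or reused secrets. The function names, the 16-character threshold (taken from the preference stated in RFC 2865) and the embedded sample are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the clients.conf example from this section.
SAMPLE = """
client lab117 {
    ipaddr = 10.91.0.117
    secret = secretcode
    nastype = cisco
}
client lab116 {
    ipaddr = 10.91.0.116
    secret = secretcode
    nastype = other
}
"""

MIN_SECRET_LEN = 16  # RFC 2865 prefers a shared secret of at least 16 octets

# Assumption: flat "client NAME { key = value ... }" blocks without nested
# sections; commented-out blocks (lines starting with '#') are not matched.
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{([^{}]*)\}", re.M)
ITEM_RE = re.compile(r'^\s*(\w+)\s*=\s*("[^"]*"|\S+)', re.M)


def parse_clients(text):
    """Return {client_name: {key: value}} for every client block found."""
    return {name: {k: v.strip('"') for k, v in ITEM_RE.findall(body)}
            for name, body in CLIENT_RE.findall(text)}


def audit_clients(text):
    """Return sorted (client, finding) pairs for weak shared-secret handling."""
    findings, by_secret = [], defaultdict(list)
    for name, cfg in parse_clients(text).items():
        secret = cfg.get("secret", "")
        if not secret:
            findings.append((name, "no secret defined"))
            continue
        by_secret[secret].append(name)
        if len(secret) < MIN_SECRET_LEN:
            findings.append((name, f"secret shorter than {MIN_SECRET_LEN} characters"))
    for names in by_secret.values():
        for name in names if len(names) > 1 else []:
            others = ", ".join(n for n in names if n != name)
            findings.append((name, f"secret shared with {others}"))
    return sorted(findings)


if __name__ == "__main__":
    for client, finding in audit_clients(SAMPLE):
        print(f"{client}: {finding}")
```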
Configuring the Ribbon DSC for RADIUS
The following procedure describes how to configure the DSC Platform to enable the RADIUS server connection on this system.
To configure the DSC Platform to enable the RADIUS server connection
- Enable the RADIUS server feature as described in Enabling and Disabling a RADIUS Server.
  The configuration files affected on the system are as follows:
  - UPP Configuration /opt/cpu_ss7gw/current/data/upp.conf
  - RADIUS Configuration /etc/raddb/server
  - PAM Configuration /etc/pam.d
  The /etc/pam_radius.conf file is supported on the DSC Platform.
- Log onto the DSC Platform with a userID and password defined in the RADIUS server users file.
- Monitor the window where the RADIUS server is running (in other words, where the command ./radiusd -X is entered), because informational messages appear there.
The following text is an example of such a message for a successful login:
rad_recv: Access-Request packet from host 10.91.0.116 port 1651, id=184, length=71
    User-Name = "test"
    User-Password = "radiustest"
    NAS-Identifier = "login"
    NAS-Port = 626
    NAS-Port-Type = Virtual
    Service-Type = Authenticate-Only
[pap] login attempt with password "test"
[pap] Using clear text password "test"
[pap] User authenticated successfully
Sending Access-Accept of id 184 to 10.91.0.116 port 1651
    PT-RAD-Version = 0
    PT-UPP-Profile = PT-UPP-Monitor