You can configure one or more RADIUS servers to perform user authentication and authorization on the DSC Platform (see DSC User Profiles and Privileges and RADIUS). This section describes how to configure the DSC Platform and the RADIUS server connection to allow this process.

Perform the tasks in the same order as they are presented in this section.

Prerequisites

The following are the prerequisites for setting up the process:

  • the RADIUS server or servers are available and are configured for use as required
  • the DSC Platform is installed and configured
  • an IP connection is established between the RADIUS server and the DSC Platform

The examples in this appendix are for configuration using FreeRADIUS, available at freeradius.org. If you require help with performing the tasks described in the appendix, contact Customer Support.

Workflow

Upload the dictionary.pt File to the RADIUS Server

The RADIUS server parameters specific to a DSC Platform are defined in the dictionary.pt file (/opt/cpu.ss7gw/current/mibs). Copy the file into the directory /root/install_directory/share/freeradius on the RADIUS server, and include the name of the file in the file “dictionary” in the same directory.

For reference, the following is the content of the DSC Platform dictionary file:

Example
#       Place it in "/usr/local/share/freeradius/" and include it in the
#       "/usr/local/share/freeradius/dictionary" file to add support for
#       DSC SWe's attributes to your FreeRADIUS server.                      
#                                                                       
 
VENDOR          pt                              1556
 
BEGIN-VENDOR    pt

 
ATTRIBUTE       PT-RAD-Version          1       integer
 
ATTRIBUTE       PT-UPP-Profile          2       integer
 
VALUE   PT-UPP-Profile          PT-UPP-SS7-Admin        0
VALUE   PT-UPP-Profile          PT-UPP-Monitor          1
VALUE   PT-UPP-Profile          PT-UPP-SCCP-Operator    2
VALUE   PT-UPP-Profile          PT-UPP-MTP-Operator     3
 
END-VENDOR      pt


Add Users to the RADIUS Server

The user names and passwords for DSC Platform users have to be entered in a users file as required. This file is located in the /root/install_directory/etc/raddb directory.

The following is an example entry of a user file for user “test” that includes the two DSC Platform-specific parameters.

Example using DSC 14.4.0
test Cleartext-Password := "radiustest"
    PT-RAD-Version = "0",
    PT-UPP-Profile = "PT-UPP-Monitor"

where

  • “radiustest” is the user’s password
  • PT-RAD-Version is the protocol version between the RADIUS server and the DSC Platform
  • "PT-UPP-Monitor" is the user profile as defined in the dictionary.pt file
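
To catch a misspelled or undefined profile before a user logs on, the reply items in a users entry can be checked against dictionary.pt. The following Python script is an added example, not part of the DSC Platform or FreeRADIUS; it uses constructed copies of the dictionary and users entry shown above, the function names are illustrative, and it assumes both PT attributes are expected in every entry.

```python
import re
# Constructed copy of the page's dictionary.pt (comment header dropped).
DICTIONARY_PT = """\
VENDOR          pt                              1556
BEGIN-VENDOR    pt
ATTRIBUTE       PT-RAD-Version          1       integer
ATTRIBUTE       PT-UPP-Profile          2       integer
VALUE   PT-UPP-Profile          PT-UPP-SS7-Admin        0
VALUE   PT-UPP-Profile          PT-UPP-Monitor          1
VALUE   PT-UPP-Profile          PT-UPP-SCCP-Operator    2
VALUE   PT-UPP-Profile          PT-UPP-MTP-Operator     3
END-VENDOR      pt
"""
# Constructed copy of the page's users entry for user "test".
USERS_ENTRY = '''\
test Cleartext-Password := "radiustest"
    PT-RAD-Version = "0",
    PT-UPP-Profile = "PT-UPP-Monitor"
'''

def parse_dictionary(text):
    """Return {attribute: {value_name: number}} from ATTRIBUTE and VALUE lines."""
    attrs = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "ATTRIBUTE":
            attrs[fields[1]] = {}
        elif len(fields) == 4 and fields[0] == "VALUE" and fields[1] in attrs:
            attrs[fields[1]][fields[2]] = int(fields[3])
    return attrs

def check_reply_items(users_text, attrs, prefix="PT-"):
    """Return problems found in the PT-* reply items of one users entry."""
    problems, seen = [], set()
    for line in users_text.splitlines()[1:]:      # line 0 holds the check items
        m = re.match(r'\s+([\w-]+)\s*[:+]?=\s*"?([^",]*)"?\s*,?\s*$', line)
        if not m or not m.group(1).startswith(prefix):
            continue
        name, value = m.group(1), m.group(2).strip()
        seen.add(name)
        values = attrs.get(name)
        if values is None:
            problems.append(f"{name}: not defined in dictionary.pt")
        elif value not in values and not (
                value.isdigit() and (not values or int(value) in values.values())):
            problems.append(f"{name}: unknown value {value!r}")
    # Assumption: both attributes are expected, as in the page's example entry.
    problems += [f"{a}: missing from reply items" for a in attrs if a not in seen]
    return problems
```
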


Add the Clients File to the RADIUS Server

Each DSC Platform that is connected to the RADIUS server must be defined in the clients.conf file so that the server can identify the Ribbon DSC(s) as clients. This file is located in the /root/install_directory/etc/raddb directory.

The following is an example of a clients.conf file where the DSC Platform clients are lab117 and lab116.

Example
client lab117 {
        ipaddr = 10.91.0.117
        secret  = secretcode
        nastype     = cisco
}                           
 
client lab116 {
        ipaddr = 10.91.0.116
        secret  = secretcode
        nastype     = other
} 
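
Both clients in the example above use the same short shared secret. The following Python script is an added example, not part of the DSC Platform or FreeRADIUS; it parses a constructed copy of that clients.conf and reports secrets that are reused across clients or shorter than 16 characters, a threshold assumed here from the preference stated in RFC 2865. The function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed copy of the page's clients.conf example.
CLIENTS_CONF = """\
client lab117 {
        ipaddr = 10.91.0.117
        secret  = secretcode
        nastype     = cisco
}

client lab116 {
        ipaddr = 10.91.0.116
        secret  = secretcode
        nastype     = other
}
"""

# Assumption: threshold taken from RFC 2865's preference for 16 or more octets.
MIN_SECRET_LEN = 16

def parse_clients(text):
    """Return {client_name: {key: value}} for each `client NAME { ... }` block."""
    clients = {}
    for name, body in re.findall(r"client\s+(\S+)\s*\{(.*?)\}", text, re.S):
        pairs = re.findall(r"^\s*(\w+)\s*=\s*(.+?)\s*$", body, re.M)
        clients[name] = {k: v.strip('"') for k, v in pairs}
    return clients

def audit_secrets(clients, min_len=MIN_SECRET_LEN):
    """Return sorted findings: short secrets and secrets shared by several clients."""
    findings = []
    by_secret = defaultdict(list)
    for name, cfg in clients.items():
        secret = cfg.get("secret", "")
        by_secret[secret].append(name)
        if len(secret) < min_len:
            findings.append(f"{name}: secret shorter than {min_len} characters")
    for names in by_secret.values():
        if len(names) > 1:
            findings.append("shared secret: " + ", ".join(sorted(names)))
    return sorted(findings)
```
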

Configure DSC to Enable a RADIUS Server Connection

The following procedure describes how to configure the DSC Platform to enable the RADIUS server connection on this system.

Start
  1. Enable the RADIUS server feature as described in Enabling and Disabling a RADIUS Server.
    The configuration files affected on the system are as follows:
    1. UPP Configuration /opt/cpu_ss7gw/current/data/upp.conf
    2. RADIUS Configuration /etc/raddb/server
    3. PAM Configuration /etc/pam.d

    The /etc/pam_radius.conf is supported on the DSC Platform.        

  2. Log on to the DSC Platform with a user ID and password defined in the RADIUS server users file.
       
  3. Monitor the window where the RADIUS server is running (in other words, where the command ./radiusd -X is entered), because informational messages appear there.
    The following text is an example of such a message for a successful login. As the example shows, this output includes the user's password in clear text:

Example
rad_recv: Access-Request packet from host 10.91.0.116 port 1651, id=184, length=71
        User-Name = "test"                                                        
        User-Password = "radiustest"                                              
        NAS-Identifier = "login"                                                  
        NAS-Port = 626                                                            
        NAS-Port-Type = Virtual                                                   
        Service-Type = Authenticate-Only
 
[pap] login attempt with password "test"
[pap] Using clear text password "test"
[pap] User authenticated successfully


Sending Access-Accept of id 184 to 10.91.0.116 port 1651
        PT-RAD-Version = 0
        PT-UPP-Profile = PT-UPP-Monitor