In this section:
This object provides an option for configuring users on a remote RADIUS server and authenticating login attempts with that RADIUS server. The authenticating user should be part of the Administrator group.
For configuration details, refer to Configuring SBC for RADIUS Authentication.
Each SBC user is provided a private home directory for SFTP and files used by the CLI (refer to "Unique Home Directories" section on the page Managing SBC Core Users and Accounts). When using Radius authentication, users are only known to the Radius server and therefore do not have private home directories on the SBC. To create these home directories, you must also create Radius users on the SBC (refer to Local Authentication - CLI).
The CLI syntax to configure RADIUS-based authentication is provided below.
Use this object to configure each RADIUS server for the specified Management Interface Group.
% set oam radiusAuthentication radiusServer <serverName> authenticationMethod <pap | peapmschapv2> mgmtInterfaceGroup <string> priority <#> radiusNasIp <x.x.x.x> radiusServerIp <x.x.x.x> radiusServerPort <#> radiusSharedSecret <8-128> state <disabled | enabled>
Use this parameter to configure the authentication retry criteria before the SBC times out as well as the RADIUS server out-of-service setting.
% set oam radiusAuthentication retryCriteria oosDuration <# minutes> retryCount <#> retryTimer <# milliseconds>
The following example configures SBC to communicate with the external RADIUS server for user authentication:
set oam radiusAuthentication radiusServer s1 priority 1 set oam radiusAuthentication radiusServer s1 mgmtInterfaceGroup mgmt0 set oam radiusAuthentication radiusServer s1 radiusServerIp 10.54.90.107 set oam radiusAuthentication radiusServer s1 radiusServerPort 1812 set oam radiusAuthentication radiusServer s1 radiusSharedSecret sonus123 set oam radiusAuthentication radiusServer s1 state enabled # set oam radiusAuthentication retryCriteria oosDuration 120 set oam radiusAuthentication retryCriteria retryCount 2 set oam radiusAuthentication retryCriteria retryTimer 2000 # show oam radiusAuthentication radiusServer s1 { priority 1; state enabled; radiusServerIp 10.54.90.107; radiusServerPort 1812; radiusSharedSecret $3$kAIoEV80OzbOGjefHnQH13BbycnbgbBM; mgmtInterfaceGroup mgmt0; } retryCriteria { retryTimer 2000; retryCount 2; oosDuration 120; }
The following example enables external RADIUS authentication:
% set system admin TXSBC01a externalAuthenticationEnabled true