The ... . For external authentication, the user credentials are sent to a remote Remote Authentication Dial In User Service (RADIUS) server and authenticated. The username and encrypted password are sent to the remote RADIUS server in an ACCESS_REQUEST packet. The user is allowed/denied access to the ...

... users are currently segregated into the following groups which define the privileges of each user. Access to data/commands is allowed/prevented based on the group of the user who is trying to acquire the access.
Since the RADIUS protocol does not provide a means to assign users to a group, the implementation currently hard-codes every RADIUS-authenticated user to the Administrator group.
The ...

To configure RADIUS authentication for ...
When a user is authenticated via RADIUS, the user is assigned to a group provided by the RADIUS server as part of the ACCESS_ACCEPT packet.
Note: If EMS is used for RADIUS authentication, the group information is passed in a VSA message as plain text after the vendor ID. The string starts with "Sonus-Groups". No vendor-specific formatting is used by EMS.
For ...

```
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |            Vendor-Id
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     Vendor-Id (cont)           |  Vendor type  | Vendor length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Attribute-Specific...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
```
The Vendor-Id is an SMI Network Management Private Enterprise Code of the vendor Ribbon as specified in RFC 2865.
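A parser for the two group encodings described above (the Vendor type / Vendor length layout in the diagram, and the EMS plain-text form that starts with "Sonus-Groups"), with the length checks a receiver needs. This is an added example, not product code; `EXAMPLE_VENDOR_ID`, the vendor type value, the group names and the text after the "Sonus-Groups" prefix are constructed placeholders.

```python
import struct

VENDOR_SPECIFIC = 26           # RFC 2865 attribute type for a VSA
EXAMPLE_VENDOR_ID = 99999      # constructed placeholder, not a real Vendor-Id
EMS_PREFIX = b"Sonus-Groups"   # prefix named on this page for the EMS form

def iter_attributes(attrs):
    """Yield (type, value) for each attribute of a RADIUS attribute list."""
    pos = 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("attribute length out of bounds")
        yield a_type, attrs[pos + 2:pos + a_len]
        pos += a_len

def group_from_vsa(value, vendor_id):
    """Return the group text in one VSA value, or None for another vendor."""
    if len(value) < 4:
        raise ValueError("VSA shorter than the Vendor-Id field")
    if struct.unpack("!I", value[:4])[0] != vendor_id:
        return None
    body = value[4:]
    if body.startswith(EMS_PREFIX):        # EMS: plain text after Vendor-Id
        return body.decode("utf-8")
    if len(body) < 2 or body[1] < 2 or body[1] > len(body):
        raise ValueError("vendor length out of bounds")
    return body[2:body[1]].decode("utf-8")  # skip Vendor type, Vendor length

def extract_group(attrs, vendor_id=EXAMPLE_VENDOR_ID):
    """Return the first group string for vendor_id, or None if absent."""
    for a_type, value in iter_attributes(attrs):
        if a_type == VENDOR_SPECIFIC:
            group = group_from_vsa(value, vendor_id)
            if group is not None:
                return group
    return None

def build_vsa(payload, vendor_id=EXAMPLE_VENDOR_ID):
    """Build a constructed type-26 attribute for the samples below."""
    value = struct.pack("!I", vendor_id) + payload
    return bytes([VENDOR_SPECIFIC, len(value) + 2]) + value

# Constructed samples: the group name, vendor type 1 and the text after the
# "Sonus-Groups" prefix are illustrative values, not taken from the product.
USER_NAME = bytes([1, 7]) + b"alice"
SUBATTR_REPLY = USER_NAME + build_vsa(bytes([1, 15]) + b"Administrator")
EMS_REPLY = USER_NAME + build_vsa(b"Sonus-Groups Operator")
```

The parser assumes the reply's Response Authenticator has already been verified against the shared secret; a group string taken from an unverified ACCESS_ACCEPT should not be used to grant privileges.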
If the RADIUS server does not provide a group or provides a group name which is not present in the ... the ...
The ... radiusServer and retryCriteria parameters to the radiusAuthentication configuration object.

When more than one RADIUS server is configured and RADIUS authentication is attempted, the server configured with the lowest priority value is tried first. If fallback is configured, the inverse priority order is followed to pick the next server for authentication. SBC allows a configurable number of retries and time-outs before retry.
Once the ... (retryTimer) before resending the ACCESS_REQUEST. After a configurable number of failed attempts (retryCount), the RADIUS server is marked as unavailable, or out of service (OOS), for a configured amount of time (oosDuration), and the ...
Note: An administrator can manually return an OOS RADIUS server back into service by setting the
SBC includes statistics to check the status of a RADIUS server, as well as the time when an unavailable server automatically becomes available again. See "radiusAuthentication" statistic details at Show Table OAM or Show Status OAM pages.
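A small model of the server selection and retry behaviour described above, useful for checking how long a login can stall and which servers are skipped while OOS. It is an added example, not the SBC's implementation: the class and function names are hypothetical, `retry_count` is read as the number of failed attempts before a server goes OOS, any reply (including a reject) is assumed to end the search, and the fallback ordering is not modelled.

```python
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    priority: int            # lower value is tried first
    oos_until: float = 0.0   # seconds; server is skipped until this time

@dataclass
class RetryCriteria:
    retry_count: int         # failed attempts before the server goes OOS
    retry_timer_ms: int      # wait before resending the ACCESS_REQUEST
    oos_minutes: int         # how long the server stays OOS

def authenticate(servers, criteria, send, now):
    """Return (server name, reply, finish time); name and reply are None
    when every in-service server timed out.

    send(server) returns the reply string, or None for a timeout.
    """
    t = now
    for srv in sorted(servers, key=lambda s: s.priority):
        if srv.oos_until > t:
            continue                      # still out of service
        for _ in range(criteria.retry_count):
            reply = send(srv)
            if reply is not None:
                # Assumption: any reply ends the search, so a reject from
                # one server is not re-asked of the next one.
                return srv.name, reply, t
            t += criteria.retry_timer_ms / 1000.0
        srv.oos_until = t + criteria.oos_minutes * 60
    return None, None, t

def worst_case_delay_s(servers, criteria):
    """Upper bound on one login attempt when no server answers."""
    return len(servers) * criteria.retry_count * criteria.retry_timer_ms / 1000.0
```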
To enable remote authentication:

Change to Configuration mode:

```
> configure private
```

Execute the following command:

```
% set system admin <system name> localAuthenticationEnabled false externalAuthenticationEnabled true
```

For CLI configuration details, refer to Admin - CLI. To enable the external authentication using EMA, ...
To configure a remote RADIUS Server:

Log into the ...

Change to Configuration mode:

```
> configure private
```

Execute the following command:

```
% set oam radiusAuthentication
    radiusServer <server name>
        mgmtInterfaceGroup <string>
        priority <#>
        radiusNasIp <x.x.x.x>
        radiusServerIp <x.x.x.x>
        radiusServerPort <#>
        radiusSharedSecret <8-128>
        state <disabled | enabled>
    retryCriteria
        oosDuration <# minutes>
        retryCount <#>
        retryTimer <# milliseconds>
```

For CLI configuration details, refer to Radius Authentication - CLI. To configure a RADIUS server using EMA, refer to Users and Application Management - Radius Authentication and OAM - Radius Authentication.
The ... supports all alphabetical, numeric, and special characters for setting the radiusSharedSecret key.

The following characters in the key must be escaped while setting a radiusSharedSecret for configuring a RADIUS server:

For example,