HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, November 2009)

ManualsBrandsHP ManualsComputer AccessoriesHP 8/40 SAN Switch 8-port Upgrade E-LTU

Fabric OS 5.3.0 administrator guide 79

For example, to configure the switch at IP address 10.32.170.59 as a client:

In this example,

shortname

is an alias used to easily identify the client.

Secret

is the shared secret

between the client and server. Make sure that the shared secret matches that configured on the switch

(see ”To add a RADIUS server to the switch configuration” on page 96).

2. Save the file $PREFIX/etc/raddb/client.config; then start the RADIUS server as follows:

Windows 2000

Configuring RADIUS service on Windows 2000 consists of the following tasks:

• Installing Internet Authentication Service (IAS)

For more information and instructions on installing IAS, refer to the Microsoft web site.

• Enabling the Challenge Handshake Authentication Protocol (CHAP)

If CHAP authentication is required, then Windows must be configured to store passwords with

reversible encryption. Reverse password encryption is not the default behavior; it must be enabled.

NOTE: If a user is configured prior to enabling reverse password encryption, then the user’s password is

stored and cannot utilize CHAP. To use CHAP, the password must be reentered after encryption is enabled.

If the password is not reentered, then CHAP authentication will not work and the user will be unable to

authenticate from the switch.

• Configuring a user

Internet Authentication Service (IAS) is the Microsoft implementation of a RADIUS server and proxy

. IAS

uses the Windows native user database to verify user login credentials; it does not list specific users, but

instead lists

user groups

. Each user group should be associated with a specific switch login role. For

example, you should configure a user group for root, admin, factory, switchadmin, and user, and then

add any users whose logins you want to associate to the appropriate group.

• Configuring the server

How to enable CHAP

1. From the Windows Start menu, select Programs> Administrative Tools> Local Security

Policy to open the Local Security Settings window.

2. In the Local Security Settings window, expand the Account Policies folder and select the Password

Policy folder.

3. From the list of policies in the Password Policy folder, right-click Store password using reversible

encryption for all users in the domain, and select Security from the pop-up menu.

4. An additional Local Security Settings window appears. Click the Enabled radio button and then click

OK.

How to configure RADIUS users

1. From the Windows Start menu, select Programs > Administrative Tools > Computer

Management to open the Computer Management window.

2. In the Computer Management window, expand the Local Users and Groups folder and select the

Groups folder.

3. Right-click the Groups folder and select New Group from the pop-up menu.

4. In the New Group window, provide a Name and Description for the group and click Add.

5. In the Select Users or Groups window, select the user (who should already have been configured) you

want to add to the group and click Add.

client 10.32.170.59

secret = Secret

shortname = Testing Switch

nastype = other

$PREFIX/sbin/radiusd