HP StorageWorks Enterprise File Services WAN Accelerator 3.0.4 deployment guide (AG421-96001, March 2007)
12 - RADIUS AND TACACS+ AUTHENTICATION
The HP EFS WAN Accelerator cannot set a per-interface authentication policy.
The same authentication method list (that is, default) is used for all
interfaces. You cannot configure authentication methods that use only a subset
of the configured RADIUS or TACACS+ servers (that is, there are no server groups).
The following CLI commands are available for RADIUS and TACACS+
authentication:

Category                 CLI Commands
Authentication           • aaa authentication login default
                         • aaa authorization map default-user
                         • aaa authorization map order
                         • show authentication method
RADIUS Configuration     • radius-server host
                         • radius-server key
                         • radius-server retransmit
                         • radius-server timeout
TACACS+ Configuration    • tacacs-server host
                         • tacacs-server key
                         • tacacs-server retransmit
                         • tacacs-server timeout
                         • show tacacs
User Accounts            • username privilege
                         • username nopassword
                         • username password
                         • username password 0
                         • username password 7
                         • username password cleartext
                         • username password encrypted
                         • username disable

Configuring a RADIUS Server with FreeRADIUS

You can, on a per-user basis, specify a different local account mapping by using a
vendor-specific attribute. This section describes how to configure the FreeRADIUS
server to return an attribute that specifies the local user account as an ASCII string.
The file paths given here are the default values. If the RADIUS server installation
has been customized, the paths might differ.

The dictionary files are stored in the directory /usr/local/share/freeradius. This
is where RADIUS attributes can be defined. Assuming the vendor does not have an
established dictionary file in the FreeRADIUS distribution, you begin the process by
creating a file called dictionary.<vendor>.
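
What the vendor-specific attribute from the FreeRADIUS section looks like on the wire (RFC 2865 attribute type 26), and how a receiver can validate it before mapping a login to a local account. This is an added example, not code from the HP guide; the vendor ID 99999, sub-attribute number 1 and the account name "monitor" are constructed placeholders.

```python
import struct

VENDOR_SPECIFIC = 26      # RFC 2865 attribute type for vendor-specific attributes
VENDOR_ID = 99999         # placeholder: use the vendor's IANA enterprise number
LOCAL_USER_SUBTYPE = 1    # placeholder: attribute number set in dictionary.<vendor>


def encode_local_user(account: str) -> bytes:
    """Build the attribute a RADIUS server would place in an Access-Accept."""
    value = account.encode("ascii")
    sub = bytes([LOCAL_USER_SUBTYPE, 2 + len(value)]) + value
    body = struct.pack("!I", VENDOR_ID) + sub
    if 2 + len(body) > 255:
        raise ValueError("account name too long for one attribute")
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body


def extract_local_user(attributes: bytes):
    """Walk a reply's attribute list; return the mapped account name or None."""
    pos = 0
    while pos < len(attributes):
        if pos + 2 > len(attributes):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = attributes[pos], attributes[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attributes):
            raise ValueError("attribute length out of bounds")
        value = attributes[pos + 2:pos + attr_len]
        pos += attr_len
        if attr_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        (vendor,) = struct.unpack("!I", value[:4])
        sub_type, sub_len = value[4], value[5]   # only the first sub-attribute is read
        if vendor != VENDOR_ID or sub_type != LOCAL_USER_SUBTYPE:
            continue
        if sub_len < 3 or 4 + sub_len > len(value):
            raise ValueError("bad vendor sub-attribute length")
        name = value[6:4 + sub_len].decode("ascii")   # raises on non-ASCII bytes
        if not name.isprintable():
            raise ValueError("control characters in account name")
        return name
    return None


# Constructed sample reply: a Reply-Message (type 18) followed by the VSA.
SAMPLE_REPLY = bytes([18, 4]) + b"ok" + encode_local_user("monitor")
```

A reply that carries no matching attribute returns None, so the caller has to decide explicitly which account, if any, the user falls back to.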