HP StorageWorks Enterprise File Services WAN Accelerator Deployment Guide (November 2005)
100 9 - RADIUS AND TACACS+ AUTHENTICATION
The secret you specify here must also be specified in the HP EFS WAN
Accelerator when you set up RADIUS server support. For detailed
information, see the HP EFS WAN Accelerator Management Console User
Guide.
3. In a text editor, create a /usr/local/share/freeradius/dictionary.rbt file for
HP.
4. Add the following text to the dictionary.rbt file.
VENDOR RBT 17163
ATTRIBUTE Local-User 1 string RBT
5. Add the following line to the /usr/local/share/freeradius/dictionary:
$INCLUDE dictionary.rbt
6. Add users to the Radius server by editing the /usr/local/etc/raddb/users
file. For example:
"admin" Auth-Type := Local, User-Password == "radadmin"
Reply-Message = "Hello, %u"
"monitor" Auth-Type := Local, User-Password == "radmonitor"
Reply-Message = "Hello, %u"
"raduser" Auth-Type := Local, User-Password == "radpass"
Local-User = "monitor", Reply-Message = "Hello, %u"
7. Start the server using /usr/local/sbin/radiusd. Use the -X option if you
want to debug the server.
NOTE: The raduser is the monitor user as specified by Local, User-Password.
Configuring a TACACS+ Server
with Free TACACS+
The following section assumes you are running the TACACS+ authentication
system.
The TACACS+ Local User Service is rbt-exec. The Local User Name Attribute
is local-user-name. This attribute controls whether a user who is not named
admin or monitor is an administrator or monitor user (instead of using the HP
EFS WAN Accelerator default value). For the HP EFS WAN Accelerator, the
users listed in the TACACS+ server must have Password Authentication
Protocol (PAP) authentication enabled.
The following procedures install the free TACACS+ server on a Linux
computer. Cisco Secure can be used as a TACACS+ server.
To download
TACACS+
1. Download TACACS+ from:
http://www.gazi.edu.tr/tacacs/get.php?src=tac_plus_v9a.tar.gz.