Rack ATS AP44xx User Manual
Configure the RADIUS server
Summary of the configuration procedure
You must configure your RADIUS server to work with the Rack ATS.
For examples of the RADIUS users file with Vendor Specific Attributes (VSAs) and an example of an
entry in the dictionary file on the RADIUS server, see the Security Handbook on www.apc.com.
1. Add the IP address of the Rack ATS to the RADIUS server client list (file).
2. Users must be configured with Service-Type attributes unless Vendor Specific Attributes (VSAs)
are defined. If no Service-Type attributes are configured, users will have read-only access (on the
Web UI only).
3. See your RADIUS server documentation for information about the RADIUS users file, and see
the Security Handbook (www.apc.com) for an example.
4. VSAs can be used instead of the Service-Type attributes provided by the RADIUS server. VSAs
require a dictionary entry and a RADIUS users file. In the dictionary file, define names for
ATTRIBUTE and VALUE keywords, but not for numeric values. If you change numeric values,
RADIUS authentication and authorization will fail. VSAs take precedence over standard RADIUS
attributes.
Configuring a RADIUS server on UNIX® with shadow passwords
If UNIX shadow password files are used (/etc/passwd) with the RADIUS dictionary files, the following two
methods can be used to authenticate users:
If all UNIX users have administrative privileges, add the following to the RADIUS “user” file. To
allow only Device Users, change the APC-Service-Type to Device.
DEFAULT Auth-Type = System
        APC-Service-Type = Admin
Add user names and attributes to the RADIUS “user” file, and verify the password against
/etc/passwd. The following example is for users bconners and thawk:
bconners Auth-Type = System
         APC-Service-Type = Admin
thawk Auth-Type = System
      APC-Service-Type = Device
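The following script is an added example, not part of this manual or of any APC or RADIUS server software. It reads entries in the layout shown above and reports which ones grant Admin access (a DEFAULT entry grants it to every UNIX account) and which carry no role attribute and so receive read-only access. The function names, the finding labels, and the user jdoe are assumptions made for the example.

```python
import re

# Constructed sample in the layout of the entries above (not a production file).
SAMPLE_USERS = """\
DEFAULT   Auth-Type = System
          APC-Service-Type = Admin

bconners  Auth-Type = System
          APC-Service-Type = Admin

thawk     Auth-Type = System
          APC-Service-Type = Device

jdoe      Auth-Type = System
"""

# One "Attribute <op> value" item; <op> may be =, :=, ==, += or !=.
ITEM = re.compile(r'([\w-]+)\s*[:+=!]?=\s*"?([^",\s]+)"?')

def parse_users(text):
    """Return [(name, {attribute: value}), ...] in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if line[0] in " \t":                   # indented line continues the current entry
            if entries:
                entries[-1][1].update(ITEM.findall(line))
        else:                                  # new entry: name, then first-line items
            parts = line.split(None, 1)
            items = parts[1] if len(parts) > 1 else ""
            entries.append((parts[0], dict(ITEM.findall(items))))
    return entries

def audit(entries):
    """Flag entries that grant Admin, and entries that carry no role at all."""
    findings = []
    for name, attrs in entries:
        role = attrs.get("APC-Service-Type")
        if role == "Admin":
            # A DEFAULT entry is not tied to one user name, so review it first.
            findings.append((name, "wildcard-admin" if name == "DEFAULT" else "admin"))
        elif role is None and "Service-Type" not in attrs:
            findings.append((name, "no-role"))   # falls back to read-only access
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_users(SAMPLE_USERS)):
        print(f"{name}: {finding}")
```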
Supported RADIUS servers
FreeRADIUS v1.x and v2.x, and Microsoft Server 2008 and 2012 Network Policy Server (NPS) are
supported. Other commonly available RADIUS applications may work but may not have been fully tested