Rack ATS AP44xx User Manual
Configure a RADIUS server
Path: Configuration > Security > Remote Users > RADIUS
Use this option to do the following:
- List the RADIUS servers (a maximum of two) available to the Rack ATS and the Reply Timeout period for each.
- Select a server, and configure the parameters for authentication by a new RADIUS server.
- Select a listed RADIUS server to display and modify its parameters.
Summary of the configuration procedure: You must configure your RADIUS server to work with the
Rack ATS. For examples of the RADIUS users file with Vendor Specific Attributes (VSAs) and an
example of an entry in the dictionary file on the RADIUS server, see the Security Handbook on
www.apc.com.
1. Add the IP address of the Rack ATS to the RADIUS server client list (file).
2. Users must be configured with Service-Type attributes unless Vendor Specific Attributes (VSAs)
are defined. If no Service-Type attributes are configured, users will have read-only access (on the
Web UI only). See your RADIUS server documentation for information about the RADIUS users
file, and see the Security Handbook (www.apc.com) for an example.
3. VSAs can be used instead of the Service-Type attributes provided by the RADIUS server. VSAs
require a dictionary entry and a RADIUS users file. In the dictionary file, define names for
ATTRIBUTE and VALUE keywords, but not for numeric values. If you change numeric values,
RADIUS authentication and authorization will fail. VSAs take precedence over standard RADIUS
attributes.
Configuring a RADIUS server on UNIX® with shadow passwords: If UNIX shadow password files
are used (/etc/passwd) with the RADIUS dictionary files, the following two methods can be used to
authenticate users:
- If all UNIX users have administrative privileges, add the following to the RADIUS “user” file. To
  allow only Device Users, change the APC-Service-Type to Device.

    DEFAULT Auth-Type = System
        APC-Service-Type = Admin

- Add user names and attributes to the RADIUS “user” file, and verify the password against
  /etc/passwd. The following example is for users bconners and thawk:

    bconners Auth-Type = System
        APC-Service-Type = Admin
    thawk Auth-Type = System
        APC-Service-Type = Device
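
One way to audit a RADIUS users file in the layout above before deploying it: the check flags a DEFAULT entry that grants Admin and any user with no service-type attribute. This is an added example, not code from the manual or from APC; the sample file, the user jdoe and the function names parse_users and audit are constructed for illustration, and the parser assumes the simple "Attribute = Value" layout shown here.

```python
import re

# Constructed sample in the layout shown above; "jdoe" is a made-up user.
SAMPLE_USERS = """\
bconners Auth-Type = System
    APC-Service-Type = Admin

thawk Auth-Type = System
    APC-Service-Type = Device

jdoe Auth-Type = System

DEFAULT Auth-Type = System
    APC-Service-Type = Admin
"""

ATTR = re.compile(r'([\w-]+)\s*(?::=|==|\+=|=)\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return [(name, {attribute: value})]; an unindented line starts an entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if not raw[0].isspace():
            parts = raw.split(None, 1)
            entries.append((parts[0], {}))
            raw = parts[1] if len(parts) > 1 else ""
        if entries:
            for attr, value in ATTR.findall(raw):
                entries[-1][1][attr] = value.strip('"')
    return entries

def audit(entries):
    """Return [(name, finding)] for entries that deserve a second look."""
    findings = []
    for name, attrs in entries:
        # The VSA takes precedence over the standard Service-Type attribute.
        role = attrs.get("APC-Service-Type") or attrs.get("Service-Type")
        if role is None:
            findings.append((name, "no service-type attribute: read-only, Web UI only"))
        elif name == "DEFAULT" and role == "Admin":
            findings.append((name, "DEFAULT grants Admin to every system user"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_users(SAMPLE_USERS)):
        print(f"{name}: {finding}")
```
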
Supported RADIUS servers: FreeRADIUS v1.x and v2.x, and Microsoft Server 2008 and 2012
Network Policy Server (NPS) are supported. Other commonly available RADIUS applications may work
but may not have been fully tested.
| Setting | Definition |
|---|---|
| RADIUS Server | The server name or IP address (IPv4 or IPv6) of the RADIUS server. Select a link to configure the server. NOTE: RADIUS servers use port 1812 by default to authenticate users. The Rack ATS supports ports 1812, and 5000 to 32768. |
| Secret | The shared secret between the RADIUS server and the Rack ATS. |
| Reply Timeout | The time in seconds that the Rack ATS waits for a response from the RADIUS server. |
| Test Settings | Enter the Super User or Administrator user name and password to test the RADIUS server path that you have configured. |
| Skip Test and Apply | Do not test the RADIUS server path. (Not recommended) |