User guide
b. Put all user information, including the group definition in a text file and use the text
file with the f option on the command line to configure groups for users. Use the
following syntax for configuring a group using the info attribute:
info: group_name=<Group>;
NOTE: To give a user administrative access to the MergePoint SP manager, create a group with the admin role
and add the group name to the group_name definition.
Configuring group authorization for RADIUS authentication
The two tasks listed below must be done to configure groups for RADIUS authentication.
• The RADIUS server’s administrator must define the desired groups and assign users to the
groups. Seethe following procedure.
• The MergePoint SP manager’s administrator must configure the RADIUS server on the
MergePoint SP manager. The following list defines the values to define when configuring a
RADIUS authentication server on the MergePoint SP manager as shown below.
auth1 server[:port] secret [timeout] [retries]
acct1 server[:port] secret [timeout] [retries]
The following list defines each of the values:
• auth1: the first RADIUS authentication server
• acct1: the first RADIUS accounting server
• server: the RADIUS server address
• port: (optional) the default port name is radius and is looked up through /etc/services.
• secret: the shared password required for communication between the MergePoint SP
manager and the RADIUS server
• retries: the number of times each RADIUS server is tried before another is contacted
• timeout: the default is 3 seconds. How long the MergePoint SP manager should wait
for the RADIUS server’s response.
To configure groups on a RADIUS authentication server:
1. On the server, open the /etc/raddb/users file for editing.
2. Assign groups to a user in the FramedFilterId attribute.
3. Use the format FramedFilterId=:group_name=<Group>;, as shown in the following
example:
groupuser1 Auth-Type := Local, User-Password == "xxxxxx"
Service-Type=Callback-Login-User,
116 MergePoint® SP Manager Installer/User Guide