Hardware manual

Group Administration Group security
4–7
About administration accounts on a RADIUS authentication server
You can use an external RADIUS authentication server to centralize the management of administration accounts.
The RADIUS server authenticates administration accounts and also determines the account privileges. You can
also use a RADIUS accounting server to monitor the login and logout times for accounts that a RADIUS server
authenticates.
Using a RADIUS server can simplify account management if you have a large number of accounts.
There are various implementations of RADIUS, including Microsoft Windows Internet Authentication Service
(IAS). Depending on the implementation, a RADIUS server can verify account credentials against a local database,
or it can verify them against an external resource, such as a Microsoft Windows Active Directory™ service
domain.
Note: External administration accounts depend on the availability of the RADIUS server and any related
resources. If these resources are not available, accounts cannot be authenticated and a login does not
succeed.
For information about using IAS and Active
Directory to manage and authenticate administration accounts, see the
Technical Report Using Active Directory for Account Authentication to a PS Series Group on the customer support
web site.
For other RADIUS implementations, see your RADIUS server documentation for information about setting up the
RADIUS server and configuring vendor-specific attributes (VSAs).
You can use multiple RADIUS authentication servers for increased availability.
RADIUS attributes for administration accounts
A RADIUS server uses attributes to authorize accounts as group administrator, pool administrator, or read-only
accounts and to store account contact information. See Types of administrator accounts on page 4-3 and
Administration account attributes on page 4-4.
Recommendation: For security reasons, Dell recommends that you require vendor-specific attributes.
See your RADIUS server documentation for information on how to set attributes.
For each account, you must set the
Service-Type attribute to one of these values:
Administrative – Specifies that the account is either a group administrator account, a pool administrator
account, or a volume administrator account.
Note: If you do not specify the
EQL-Admin attribute, by default, the account is a group administrator account.
NAS-Prompt – Specifies that the account is a read-only account.
In addition, you must configure vendor-specific attributes (VSAs)
for each account if you meet one of these
conditions:
You want to create a pool administrator account. You must specify the EQL-Admin attribute and the
EQL-Pool-Access attribute.
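
Added example (not from the manual or from Dell): a Python check that audits the attributes configured for each account on the RADIUS server against the Service-Type, EQL-Admin and EQL-Pool-Access rules above. The intended-role labels, account names and placeholder attribute values are constructed for illustration; this section does not give the values for EQL-Admin or EQL-Pool-Access.

```python
# Audit per-account RADIUS attributes against the rules stated in this section.
# Role labels and sample accounts are constructed, not taken from the manual.
VALID_SERVICE_TYPES = {"Administrative", "NAS-Prompt"}

def audit_account(intended_role, attrs):
    """Return findings for one account.

    intended_role: 'group-admin', 'pool-admin', 'volume-admin' or 'read-only'
                   (hypothetical labels from your own account inventory).
    attrs: attribute name -> value as configured on the RADIUS server.
    """
    findings = []
    service_type = attrs.get("Service-Type")
    if service_type not in VALID_SERVICE_TYPES:
        return ["Service-Type must be Administrative or NAS-Prompt"]
    if intended_role == "read-only":
        if service_type != "NAS-Prompt":
            findings.append("read-only account must use Service-Type NAS-Prompt")
        return findings
    if service_type != "Administrative":
        return ["administrator account must use Service-Type Administrative"]
    # Without EQL-Admin the account silently becomes a group administrator.
    if "EQL-Admin" not in attrs and intended_role != "group-admin":
        findings.append("EQL-Admin not set: account defaults to group administrator")
    if intended_role == "pool-admin" and "EQL-Pool-Access" not in attrs:
        findings.append("pool administrator requires EQL-Pool-Access")
    return findings

def audit_all(accounts):
    """Map account name -> list of findings."""
    return {name: audit_account(role, attrs) for name, role, attrs in accounts}

# Constructed sample inventory; "<...>" values are placeholders, not real VSA values.
SAMPLE_ACCOUNTS = [
    ("alice", "group-admin", {"Service-Type": "Administrative"}),
    ("bob", "pool-admin", {"Service-Type": "Administrative"}),
    ("carol", "pool-admin", {"Service-Type": "Administrative",
                             "EQL-Admin": "<pool-admin-value>"}),
    ("dave", "read-only", {"Service-Type": "Administrative"}),
    ("erin", "read-only", {"Service-Type": "NAS-Prompt"}),
    ("frank", "volume-admin", {"EQL-Admin": "<volume-admin-value>"}),
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ACCOUNTS).items():
        print(name, "OK" if not findings else "; ".join(findings))
```
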