HP StorageWorks Enterprise File Services WAN Accelerator 2.1.7 Deployment Guide (407118 - 003, June 2006)

104 9 - RADIUS AND TACACS+ AUTHENTICATION
}
The secret you specify here must also be specified in the HP EFS WAN
Accelerator when you set up RADIUS server support. For detailed information,
see the HP Enterprise File Services WAN Accelerator Management Console User
Guide.
3. In a text editor, create a /usr/local/share/freeradius/dictionary.rbt file for HP.
4. Add the following text to the dictionary.rbt file:
     VENDOR RBT 17163
     ATTRIBUTE Local-User 1 string RBT
5. Add the following line to the /usr/local/share/freeradius/dictionary file:
     $INCLUDE dictionary.rbt
6. Add users to the RADIUS server by editing the /usr/local/etc/raddb/users file. For
example:
     "admin" Auth-Type := Local, User-Password == "radadmin"
             Reply-Message = "Hello, %u"
     "monitor" Auth-Type := Local, User-Password == "radmonitor"
             Reply-Message = "Hello, %u"
     "raduser" Auth-Type := Local, User-Password == "radpass"
             Local-User = "monitor", Reply-Message = "Hello, %u"
7. Start the server using /usr/local/sbin/radiusd. Use the -X option if you want to
debug the server.
NOTE: The raduser is the monitor user as specified by Local, User-Password.
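The following is an added example, not part of the HP guide: a Python audit of a users file in the step 6 format that reports which appliance account each RADIUS user maps to and whether its password sits in the file in cleartext. It assumes Local-User behaves like the local-user-name attribute described for TACACS+ (a user not named admin or monitor and without it gets the appliance default); the "helpdesk" entry and the names SAMPLE_USERS, parse_users and audit are constructed for illustration.

```python
import re

# Constructed sample: the three step 6 entries plus a hypothetical "helpdesk"
# user that has no Local-User reply item.
SAMPLE_USERS = '''\
"admin" Auth-Type := Local, User-Password == "radadmin"
\tReply-Message = "Hello, %u"
"monitor" Auth-Type := Local, User-Password == "radmonitor"
\tReply-Message = "Hello, %u"
"raduser" Auth-Type := Local, User-Password == "radpass"
\tLocal-User = "monitor", Reply-Message = "Hello, %u"
"helpdesk" Auth-Type := Local, User-Password == "helppass"
\tReply-Message = "Hello, %u"
'''

# attribute, operator, value (a quoted value may contain commas)
ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|=)\s*("(?:[^"\\]|\\.)*"|[^,\s]+)')
BUILTIN = {"admin", "monitor"}  # account names the appliance already has


def parse_users(text):
    """Return {user: {"check": {...}, "reply": {...}}} from users-file text."""
    entries, current = {}, {"check": {}, "reply": {}}  # dummy absorbs orphan lines
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":  # indented line: reply items of the current user
            bucket, body = current["reply"], raw
        else:  # column 0: user name followed by check items
            name, body = (raw.split(None, 1) + [""])[:2]
            current = entries[name.strip('"')] = {"check": {}, "reply": {}}
            bucket = current["check"]
        for attr, _op, value in ITEM.findall(body):
            bucket[attr] = value.strip('"')
    return entries


def audit(text):
    """Map each user to its appliance account and flag cleartext passwords."""
    report = {}
    for user, e in parse_users(text).items():
        # Assumption: without Local-User, a non-builtin name gets the default.
        role = user if user in BUILTIN else e["reply"].get("Local-User", "appliance default")
        report[user] = {"role": role, "cleartext_password": "User-Password" in e["check"]}
    return report


if __name__ == "__main__":
    for user, info in audit(SAMPLE_USERS).items():
        print(user, info)
```

Run it against a copy of /usr/local/etc/raddb/users by passing the file's contents to audit(); any entry reported as "appliance default" has no explicit role mapping.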
Configuring a TACACS+ Server with Free TACACS+
The following section assumes you are running the TACACS+ authentication system.
The TACACS+ Local User Service is rbt-exec. The Local User Name Attribute is
local-user-name. This attribute controls whether a user who is not named admin or
monitor is an administrator or monitor user (instead of using the HP EFS WAN
Accelerator default value). For the HP EFS WAN Accelerator, the users listed in the
TACACS+ server must have Password Authentication Protocol (PAP) authentication
enabled.
The following procedures install the free TACACS+ server on a Linux computer.
Cisco Secure can be used as a TACACS+ server as described in “Configuring
TACACS+ with Cisco Secure Access Control Server” on page 106.