FTP Proxy Service With RADIUS User Authentication
The following information is used in this example:
|
Proxy user name |
pu1 |
|
Authorized user name |
au1 |
|
Authorized user password |
au1_pw |
|
Backend user name |
bu1 |
|
Backend user password |
bu1_pw |
|
Backedn FTP server name |
ftp_server |
|
SunScreen proxy server name |
sunscreen_fw |
|
Radius user name |
bu1 |
|
Radius user password |
bu1_radpw |
To Configure the FTP Proxy Service With RADIUS User Authentication
-
Follow the steps in the section above, "Configuring RADIUS Authentication".
-
Configure the FTP Proxy Service:
-
Create a Proxy user group, for example, ftp-grp.
-
Add predefined users radius and securid to ftp-grp.
# ssadm edit Policy > proxyuser add ftp-grp GROUP > proxyuser addmember ftp-grp radius > proxyuser addmember ftp-grp securid
-
For each user that will be using the FTP Proxy:
-
Create a record in the Authorized User database.
-
Create a record in the Proxy User database.
-
Add the user as member of ftp-grp:
# ssadm edit Policy > authuser add au1 PASSWORD=\{ au1_pw \} > proxyuser add pu1 auth_user_name=au1 backend_user_name=bu1 > proxyuser addmember ftp-grp pu1This example assumes C shell. The backslash \ before the brackets is the escape key from special characters { and }. For Bourne shell, the backslash is not necessary.
Since there are typically many users to administer, this is a good task to automate with a script.
-
-
Add a rule to allow the FTP proxy for the proxy user group, ftp-grp.
# ssadm edit Policy edit> Add Rule ftp USER ftp-grp ALLOW PROXY_FTP FTP_GET FTP_CHDIR edit> save # ssadm activate Policy
-
-
Test the FTP Proxy with RADIUS authentication:
FTP proxy login
ftp sunscreen_fw
Username@Hostname
bu1@ftp_server
Password
bu1_radpw@bu1_pw
# ftp sunscreen_fw Username@Hostname: radius_user@ftp_server Password: radius_user_pw@password_at_ftp_server
- © 2010, Oracle Corporation and/or its affiliates