
Oracle® ILOM Administrator's Guide for Configuration and Maintenance Firmware Release 3.2.x


Updated: April 2018
 
 

Configuring RADIUS

System administrators can configure Oracle ILOM to use a Remote Authentication Dial-In User Service (RADIUS) to authenticate users. This service is based on a client-server query model that uses a shared secret password to authenticate users. Both the Oracle ILOM RADIUS client and the RADIUS server must know the shared secret password, because this password is never transmitted over the network.

The property for the RADIUS service state, in Oracle ILOM, is disabled by default. To enable the RADIUS service state and configure Oracle ILOM properties as a RADIUS client, see the following table.

Table 33  Enabling Oracle ILOM to Use RADIUS Client Server Authentication
User Interface Configurable Target:
  • CLI: /SP|CMM/clients/radius

  • Web: ILOM Administration > User Management > RADIUS Settings

  • User Role: User Management (u) (required for all property modifications)

  • Requirement: The RADIUS server must be preconfigured with users and the shared secret password.

Property
Default Value
Description
State
(state=)
Disabled
Disabled | Enabled
To configure Oracle ILOM as a RADIUS client, set the State property to Enabled.
When the State property is enabled, Oracle ILOM sends user login data to the RADIUS server for user authentication and authorization.
CLI RADIUS State Syntax:
set /SP|CMM/clients/radius/ state=disabled|enabled
Roles
(defaultrole=)
Operator
Administrator | Operator | Advanced
To define which features in Oracle ILOM are accessible to RADIUS authenticated users, set the default Roles property to one of the three Oracle ILOM user roles: Administrator (a|u|c|r|o), Operator (c|r|o), Advanced (a|u|c|r|o|s).
Authorization levels for using features within Oracle ILOM are dictated by the privileges granted by the configured Oracle ILOM user role. For a description of privileges assigned, see the user role and user profile tables listed in the Related Information section below.
CLI Roles Syntax:
set /SP|CMM/clients/radius/ defaultrole=administrator|operator|a|u|c|r|o|s
Related Information:
Address
(address=)
0.0.0.0
IP address | DNS host name (LDAP Server)
To configure a network address for RADIUS server, populate the Address property with the RADIUS server IP address or DNS host name. If a DNS host name is specified, then the DNS configuration properties in Oracle ILOM must be properly configured and operational.
CLI Address Syntax:
set /SP|CMM/clients/radius/ address=radius_server ip_address|ldap_server_dns_host_name
Related Information:
Port
(port=)
1812
1812 | User-specified TCP port
TCP port 1812 is used by Oracle ILOM to communicate with the RADIUS server.
If necessary, configure Oracle ILOM to use another port by modifying the default Port number: 1812.
CLI Port Syntax:
set /SP|CMM/clients/radius/ port=number
Shared Secret
(secret=)
Populate the Shared Secret property with the known RADIUS client server shared password. The RADIUS client and server use the shared password to recognize each other and to protect sensitive user credential data.
CLI Shared Secret Syntax:
set /SP|CMM/clients/radius/ secret=password
Alternate RADIUS Servers
N/A
In cases where the primary RADIUS server is unavailable, you can optionally configure Oracle ILOM to use an alternate RADIUS server for user authentication. You can specify up to 5 alternate RADIUS server configurations.

Note -  The properties for Alternate RADIUS Servers are available for configuration as of Oracle ILOM 3.2.6.

For web configuration instructions, click the More details ... link at the top of the User Management RADIUS page.
CLI Alternate RADIUS Servers:
set /SP|CMM/clients/radius/alternateservers/1|2|3|4|5/ address=radius_server ip_address|ldap_server_dns_host_name port=number secret=password

Note -  In the case of a failover, Oracle ILOM will query the alternate server ID configurations in the order they are listed. For example, ID 1, ID 2, and so on.

Save
Web interface. To apply changes made to properties within the RADIUS Settings page, you must click Save.