Configuring
RADIUS
System administrators can configure Oracle ILOM to use a Remote
Authentication Dial-In User Service (RADIUS) to authenticate users.
This service is based on a client-server query model that uses a
shared secret password to authenticate users. The Oracle ILOM RADIUS
client and RADIUS server must know the shared secret password since
this password is never transmitted over the network.
The property for the RADIUS service state, in Oracle ILOM,
is disabled by default. To enable the RADIUS service state and configure
Oracle ILOM properties as a RADIUS client, see the following table.
Table 33 Enabling Oracle ILOM to Use RADIUS Client Server Authentication
|
|
|
|
State
(state=) |
Disabled |
Disabled |Enabled
To configure Oracle ILOM as a RADIUS client. set the State
Property to Enabled.
When the State property is enabled, Oracle ILOM sends user
login data to the RADIUS server for user authentication and authorization.
CLI RADIUS State Syntax:
set /SP|CMM/clients/radius/ state=disabled|enabled |
Roles
(defaultrole=) |
Operator |
Administrator |Operator |Advanced
To define which features in Oracle ILOM are accessible to
RADIUS authenticated users, set the default Roles property to one
of the three Oracle ILOM user roles: Administrator (a|u|c|r|o),
Operator (c|r|o), Advanced (a|u|c|r|o|s).
Authorization levels for using features within Oracle ILOM
are dictated by the privileges granted by the configured Oracle
ILOM user role. For a description of privileges assigned, see the
user role and user profile tables listed in the Related Information
section below.
CLI Roles Syntax:
set /SP|CMM/clients/radius/ defaultrole=administrator|operator|a|u|c|r|o|s
Related Information:
|
Address
(address=) |
0.0.0.0 |
IP address| DNS
host name (LDAP Server)
To configure a network address for RADIUS server, populate
the Address property with the RADIUS server IP address or DNS host
name. If a DNS host name is specified, then the DNS configuration
properties in Oracle ILOM must be properly configured and operational.
CLI Address Syntax:
set /SP|CMM/clients/radius/ address=radius_server ip_address|ldap_server_dns_host_name
Related Information:
|
Port
(port=) |
1812 |
1812 | User-specified
TCP port
TCP port 1812 is used by Oracle ILOM to communicate with the
RADIUS server.
If necessary, configure Oracle ILOM to use another port by
modifying the default Port number: 1812
CLI Port Syntax:
set /SP|CMM/clients/radius/ port=number |
Shared Secret
(secret=) |
|
Populate the Shared Secret
property with the known RADIUS client server shared password. The
RADUS client server model uses the shared password to recognize
each other, and to protect sensitive user credential data.
CLI Shared Secret Syntax:
set /SP|CMM/clients/radius/ secret=password |
|
Alternate RADIUS Servers
|
N/A
|
In cases where the primary RADIUS server is unavailable, you can
optionally configure Oracle ILOM to use an alternate RADIUS server
for user authentication. You can specify up to 5 alternate RADIUS
server configurations.
Note -
The properties for Alternate RADIUS Servers is available for
configuration as of Oracle ILOM 3.2.6.
For web configuration instructions, click the More details ...
link at the top of the User Management RADIUS page.
CLI Alternate RADIUS
Servers:
set
/SP|CMM/clients/radius/alternateservers/1|2|3|4|5/
address=radius_server
ip_address|ldap_server_dns_host_name
port=number
secret=password
Note -
In the case of a failover, Oracle ILOM will query the
alternate server ID configurations in the order they are listed.
For example, ID 1, ID 2, and so on.
|
Save |
|
Web interface.
To apply changes made to properties within the RADIUS Settings page,
you must click Save. |
|