The RADIUS server can use either a database or a simple flat file as its repository of user information. The following example uses a flat file to demonstrate a minimum user configuration. The users file contains authentication and configuration information for each user. Each entry begins with the username and the authentication (that is, the password) that is required from the user. The user/password line is followed by indented lines that are attributes to be passed back to the requesting server.
Jeff    Cleartext-Password:="garbage"
        Class="Administrator",
        Oracle-MI-role="Administrator",
        Oracle-MI-scope="Global"

Paul    Cleartext-Password:="apr6279"
        Class="Viewer",
        Oracle-MI-role="Viewer",
        Oracle-MI-scope="Global"
When the RADIUS server has authenticated a user, it sends back various attributes with the authentication acceptance message. The CMP system uses these attributes to determine what actions the user can perform.
The best practice is to use a vendor-specific attribute (VSA) dictionary file to define what attributes to send back to the client. Figure 2 shows a sample file. The local RADIUS administrator is responsible for incorporating the VSA dictionary file onto the RADIUS server.
========== dictionary.oracle ===================
# Oracle Communications VSA's, from RFC 2548
# The filename given here should be an absolute path.
#
# Place additional attributes or $INCLUDEs here.
VENDOR          Oracle                  21274
BEGIN-VENDOR    Oracle
ATTRIBUTE       Oracle-MI-role          1       string
ATTRIBUTE       Oracle-MI-scope         3       string
END-VENDOR      Oracle
======================
The attributes Oracle-MI-role and Oracle-MI-scope are for access to the CMP system. Both a scope and a role are associated with a user. The responses sent back from the RADIUS server should match what is configured in the CMP system. The defaults for the role, in ascending order of capability, are Viewer, Operator, and Administrator, but the system administrator can create other roles or remove any role except that of Administrator.
The default scope is Global, and the administrator can create other scopes within the CMP system.
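The following added example (not part of the original documentation, and not CMP code) shows how the dictionary entries above map onto the bytes of an Access-Accept reply, and how a client can refuse a reply whose role or scope does not match its configuration. It assumes the standard RFC 2865 Vendor-Specific layout (attribute type 26, 4-byte vendor ID, then one-byte type and one-byte length per sub-attribute); the function names and the fail-closed check in `authorize` are hypothetical.

```python
import struct

ORACLE_VENDOR_ID = 21274                                    # VENDOR line
ORACLE_ATTRS = {1: "Oracle-MI-role", 3: "Oracle-MI-scope"}  # ATTRIBUTE lines
VENDOR_SPECIFIC = 26                                        # RFC 2865 type
# Defaults named on this page; a deployment may define other roles and scopes.
KNOWN_ROLES = {"Viewer", "Operator", "Administrator"}
KNOWN_SCOPES = {"Global"}

def tlv(buf):
    """Yield (type, value) pairs from a run of 1-byte-type/1-byte-length TLVs."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def encode_vsa(vendor_type, value):
    """Build one Vendor-Specific attribute as carried in an Access-Accept."""
    data = value.encode("utf-8")
    sub = bytes([vendor_type, len(data) + 2]) + data
    body = struct.pack("!I", ORACLE_VENDOR_ID) + sub
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def parse_oracle_vsas(attrs):
    """Return the Oracle VSAs found in a reply's attribute bytes, by name."""
    found = {}
    for atype, value in tlv(attrs):
        if (atype != VENDOR_SPECIFIC or len(value) < 4
                or struct.unpack("!I", value[:4])[0] != ORACLE_VENDOR_ID):
            continue
        for vtype, vdata in tlv(value[4:]):
            if vtype in ORACLE_ATTRS:
                found[ORACLE_ATTRS[vtype]] = vdata.decode("utf-8")
    return found

def authorize(attrs):
    """Return (role, scope) only if both are present and known, else None."""
    vsas = parse_oracle_vsas(attrs)
    role, scope = vsas.get("Oracle-MI-role"), vsas.get("Oracle-MI-scope")
    if role in KNOWN_ROLES and scope in KNOWN_SCOPES:
        return role, scope
    return None

# Constructed sample: reply attributes for user Paul from the users file,
# Class (standard attribute 25) followed by the two Oracle VSAs.
SAMPLE = (bytes([25, 8]) + b"Viewer"
          + encode_vsa(1, "Viewer") + encode_vsa(3, "Global"))
```

A reply that carries an unknown role, omits the scope, or has a malformed length is rejected rather than mapped to a default, so a dictionary or users-file mistake on the RADIUS server cannot silently grant access.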