Configuring RADIUS
System administrators can configure Oracle ILOM to use a Remote Authentication Dial-In User Service (RADIUS) to authenticate users. This service is based on a client-server query model that uses a shared secret password to authenticate users. The Oracle ILOM RADIUS client and RADIUS server must know the shared secret password since this password is never transmitted over the network.
The property for the RADIUS service state, in Oracle ILOM, is disabled by default. To enable the RADIUS service state and configure Oracle ILOM properties as a RADIUS client, see the following table.
Table 3-27 Enabling Oracle ILOM to Use RADIUS Client Server Authentication

User Interface Configurable Target: CLI target /SP/clients/radius/; web interface: User Management RADIUS page

Property | Default Value | Description
---|---|---
State | Disabled | Disabled \| Enabled. To configure Oracle ILOM as a RADIUS client, set the State property to Enabled. When the State property is enabled, Oracle ILOM sends user login data to the RADIUS server for user authentication and authorization. CLI State syntax: set /SP/clients/radius/ state=disabled\|enabled
Roles | Operator | Administrator \| Operator \| Advanced. To define which features in Oracle ILOM are accessible to RADIUS-authenticated users, set the default Roles property to one of the three Oracle ILOM user roles: Administrator (a\|u\|c\|r\|o), Operator (c\|r\|o), or Advanced (a\|u\|c\|r\|o\|s). Authorization levels for using features within Oracle ILOM are dictated by the privileges granted by the configured Oracle ILOM user role. For a description of the privileges assigned, see the user role and user profile tables listed in the Related Information section. CLI Roles syntax: set /SP/clients/radius/ defaultrole=administrator\|operator\|a\|u\|c\|r\|o\|s
Address | 0.0.0.0 | IP address \| DNS host name. To configure a network address for the RADIUS server, populate the Address property with the RADIUS server IP address or DNS host name. If a DNS host name is specified, the DNS configuration properties in Oracle ILOM must be properly configured and operational. CLI Address syntax: set /SP/clients/radius/ address=radius_server_ip_address\|ldap_server_dns_host_name
Port | 1812 | 1812 \| user-specified TCP port. TCP port 1812 is used by Oracle ILOM to communicate with the RADIUS server. If necessary, configure Oracle ILOM to use another port by modifying the default port number (1812). CLI Port syntax: set /SP/clients/radius/ port=number
Shared Secret | N/A | Populate the Shared Secret property with the shared password known to both the RADIUS client and the RADIUS server. The RADIUS client-server model uses the shared password so that client and server can recognize each other, and to protect sensitive user credential data. CLI Shared Secret syntax: set /SP/clients/radius/ secret=password
Alternate RADIUS Servers | N/A | In cases where the primary RADIUS server is unavailable, you can optionally configure Oracle ILOM to use an alternate RADIUS server for user authentication. You can specify up to 5 alternate RADIUS server configurations. Note: The properties for Alternate RADIUS Servers are available for configuration as of Oracle ILOM 3.2.6. For web configuration instructions, click the More details ... link at the top of the User Management RADIUS page. CLI Alternate RADIUS Servers syntax: set /SP/clients/radius/alternateservers/1\|2\|3\|4\|5/ address=radius_server_ip_address\|ldap_server_dns_host_name port=number secret=password. Note: In the case of a failover, Oracle ILOM queries the alternate server ID configurations in the order they are listed (ID 1, then ID 2, and so on).
Save | N/A | Web interface only. To apply changes made to properties within the RADIUS Settings page, you must click Save.
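The following POSIX shell script is an added example, not Oracle's code and not part of the original page: it assembles the CLI commands from the table above (address, port, shared secret, default role, up to five alternate servers, and the final state change) and rejects values the properties would not accept before anything is sent to the service processor. The function names valid_role, valid_port and radius_commands are this example's own; the 192.0.2.x addresses and the secret are constructed placeholders, and alternate servers are assumed to share the primary server's secret.

```shell
#!/bin/sh
# Added example, not Oracle's code: assemble and sanity-check the Oracle ILOM CLI
# commands from the RADIUS table before sending them to the service processor.
# Addresses, port and secret used below are constructed placeholders.

# valid_role ROLE: succeeds if ROLE is a value the defaultrole property accepts
valid_role() {
  case "$1" in
    administrator|operator|a|u|c|r|o|s) return 0 ;;
    *) return 1 ;;
  esac
}

# valid_port PORT: succeeds if PORT is an integer in 1..65535
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# radius_commands ADDRESS PORT ROLE SECRET [ALT_ADDRESS[:PORT] ...]
# Prints one ILOM "set" command per line. Alternate servers (at most 5) are
# emitted in argument order, which is the failover order ILOM uses (ID 1, then
# ID 2, ...), and are assumed here to share the primary server's secret. The
# state is enabled last, so the client is never switched on while the address
# is still the 0.0.0.0 default. IPv4 addresses or host names are assumed.
radius_commands() {
  addr=$1 port=$2 role=$3 secret=$4
  shift 4
  if [ -z "$addr" ] || [ "$addr" = "0.0.0.0" ]; then
    echo "radius_commands: a RADIUS server address is required" >&2; return 1
  fi
  valid_port "$port" || { echo "radius_commands: bad port '$port'" >&2; return 1; }
  valid_role "$role" || { echo "radius_commands: bad role '$role'" >&2; return 1; }
  [ -n "$secret" ] || { echo "radius_commands: shared secret is required" >&2; return 1; }
  [ $# -le 5 ] || { echo "radius_commands: at most 5 alternate servers" >&2; return 1; }

  echo "set /SP/clients/radius/ address=$addr port=$port secret=$secret defaultrole=$role"
  n=1
  for alt in "$@"; do
    case "$alt" in
      *:*) alt_addr=${alt%:*}; alt_port=${alt#*:} ;;
      *)   alt_addr=$alt;      alt_port=1812 ;;   # default RADIUS port from the table
    esac
    valid_port "$alt_port" || { echo "radius_commands: bad alternate port '$alt_port'" >&2; return 1; }
    echo "set /SP/clients/radius/alternateservers/$n/ address=$alt_addr port=$alt_port secret=$secret"
    n=$((n + 1))
  done
  echo "set /SP/clients/radius/ state=enabled"
}

# Stand-alone demonstration with constructed values (192.0.2.0/24 is a documentation range).
radius_commands 192.0.2.10 1812 operator 'example-shared-secret' 192.0.2.11 192.0.2.12:1645
```

The printed lines can be pasted into, or piped over SSH to, the Oracle ILOM CLI. Because the shared secret appears on the command line, read it from a protected file rather than typing it interactively so it does not land in the shell history, and keep the default role at Operator unless RADIUS-authenticated users genuinely need Administrator or Advanced privileges.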