Configuring RADIUS Servers (CLI)

Use the following procedure to configure Oracle ZFS Storage Appliance for use with RADIUS servers, and then enable the RADIUS service.

Caution:

Enabling the TLS protocol is highly recommended so that critical information is sent securely.
  1. Go to configuration services radius.
  2. Enter the show command to show the RADIUS service properties:
    hostname:configuration services radius> show
    Properties:
        <status> = offline
         servers =
        protocol =
          secret =
  3. Set the transport protocol and commit the change:
    hostname:configuration services radius> set protocol=tls
        protocol = tls (uncommitted)
    hostname:configuration services radius> commit

    When setting the UDP protocol, set the shared secret and commit the change.

  4. Configure the list of RADIUS servers.
    • Add Server:

      1. Create the server, set the server’s name or IP address and optional port number, and commit the change. If a port number is specified with an IPv6 address, surround the IPv6 address with brackets.
        hostname:configuration services radius> create
        hostname:configuration services radius (uncommitted)> set server = hostname.example.com
            server = hostname.example.com (uncommitted)
        hostname:configuration services radius> commit
      2. For a TLS connection, if the certificate is not already trusted, you are prompted to accept the certificate. Enter y or n, as appropriate.

        For a UDP connection, if there is a problem contacting the service, you are prompted to confirm the settings. Enter y or n, as appropriate.

    • Change Server Name, Port Number, IP Address:
      1. List the servers to display the servers' ordinal names:
        hostname:configuration services radius> list
        SERVER     STATUS      RADIUS SERVER
        server-000 online      hostname.example.com
        server-001 unavailable host.sample.com
      2. Select a server by its ordinal name:
        hostname:configuration services radius> select server-000
        hostname:configuration services server-000>
      3. To change the server’s name and port number or the IP address, set the server property and commit the change:
        hostname:configuration services server-000> set server=name.sample.com:484
            server = name.sample.com:484 (uncommitted)
        hostname:configuration services server-000> commit

      The same errors could occur as when adding a new server.

    • Remove Server:
      1. List the servers to display the servers' ordinal names:
        hostname:configuration services radius> list
        SERVER     STATUS      RADIUS SERVER
        server-000 online      hostname.example.com
        server-001 unavailable host.sample.com
      2. To remove the server, enter the destroy command, followed by the server's ordinal name:
        hostname:configuration services server-001> destroy server-001
      3. Confirm your action.
  5. Optional: Test a server's TLS connection.
    1. List the servers to display the servers' ordinal names:
      hostname:configuration services radius> list
      SERVER     STATUS      RADIUS SERVER
      server-000 online      hostname.example.com
      server-001 unavailable host.sample.com
    2. Select a server by its ordinal name:
      hostname:configuration services radius> select server-001
      hostname:configuration services server-001>
    3. Enter the test command:
      hostname:configuration services server-001> test
  6. Enable the RADIUS service.
    1. Go to configuration services radius.
    2. Enter the enable command to bring the service online:
      hostname:configuration services radius> enable
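
To check the result of this procedure across appliances, the following added example (not part of the original Oracle documentation) parses captured show and list output and reports a non-TLS transport, an offline service, servers that are not online, and unbracketed IPv6 server values. The function names, the sample captures, and the assumption that an enabled service reports a status of online are illustrative.

```python
import ipaddress
import re

# Constructed captures in the output format shown on this page.
# Rows server-002 and server-003 are made-up values for the IPv6 bracket rule.
SHOW = """Properties:
    <status> = offline
     servers =
    protocol = udp
      secret =
"""
LIST = """SERVER     STATUS      RADIUS SERVER
server-000 online      hostname.example.com
server-001 unavailable host.sample.com
server-002 online      2001:db8::10:1812
server-003 online      [2001:db8::10]:1812
"""

def parse_show(text):
    """Map property name -> value from `show` output ('<status>' -> 'status')."""
    found = re.findall(r"^\s*<?(\w+)>?\s*=[ \t]*(.*)$", text, re.M)
    return {name: value.strip() for name, value in found}

def parse_list(text):
    """Return (ordinal, status, server) rows from `list` output."""
    rows = (line.split() for line in text.splitlines())
    return [tuple(r) for r in rows if len(r) == 3 and r[0].startswith("server-")]

def bare_ipv6(value):
    """True for an unbracketed IPv6 literal, where a port cannot be told apart."""
    try:
        ipaddress.IPv6Address(value)
        return True
    except ValueError:
        return False

def audit(show_text, list_text):
    """Return findings for one appliance's RADIUS configuration."""
    props, findings = parse_show(show_text), []
    if props.get("protocol") != "tls":
        findings.append("protocol is not tls")
    if props.get("status") != "online":  # assumption: enabled service shows online
        findings.append("service is not online")
    for ordinal, status, server in parse_list(list_text):
        if status != "online":
            findings.append(f"{ordinal} is {status}")
        if bare_ipv6(server):
            findings.append(f"{ordinal} has unbracketed IPv6; bracket it if a port was meant")
    return findings
```

Calling audit(SHOW, LIST) on the constructed captures returns four findings; server-002 is flagged because 2001:db8::10:1812 is itself a valid IPv6 address, so an intended port would be read as part of the address.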