RADIUS Configuration

Caution:

When the appliance RADIUS service is enabled, all directory users log in using RADIUS. To create a directory user, see Configuring Users.

Oracle ZFS Storage Appliance supports the RADIUS (Remote Authentication Dial-In User Service) directory service for centralized authentication of directory users.

RADIUS is a client-server protocol. The appliance RADIUS service works with a RADIUS server to authenticate directory users logging in to remote systems, such as Oracle ZFS Storage Appliance.

Much like the appliance’s LDAP service, the RADIUS service communicates with another server that contains the user database.

RADIUS supports classic password-based authentication as well as multi-factor authentication, which requires additional authentication using schemes such as challenge-response authentication and one-time password authentication. Multi-factor authentication adds a layer of security to help prevent unauthorized access.

The RADIUS server, not Oracle ZFS Storage Appliance, controls the authentication process and controls the prompts for required information.

The Oracle ZFS Storage Appliance RESTful API supports RADIUS authentication when only a single response is required, such as a password. Authentication sequences requiring multiple prompts and responses, such as a password, a challenge, and a response to the challenge, are not supported.
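The difference between a single-response login and a multi-prompt sequence is visible in the RADIUS server's reply: under RFC 2865, Access-Accept (code 2) or Access-Reject (code 3) ends the exchange, while Access-Challenge (code 11) asks the client for another round. The following added example is not Oracle code; it parses a server reply and reports which kind of sequence is in progress. The packets are constructed samples, the function names are hypothetical, and it assumes the appliance's unsupported multi-prompt sequences correspond to Access-Challenge replies.

```python
import struct

# Packet codes and attribute types defined in RFC 2865.
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11
REPLY_MESSAGE, STATE = 18, 24

def build_reply(code, ident, attrs):
    """Build a constructed sample reply; the authenticator is zero-filled."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def parse_reply(packet):
    """Return (code, {attr_type: [values]}) after validating all lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field disagrees with packet size")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute overruns packet")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return code, attrs

def classify(packet):
    """Report whether the server finished in one round or wants another prompt."""
    # Response Authenticator verification (shared secret) is omitted here.
    code, attrs = parse_reply(packet)
    prompt = b"".join(attrs.get(REPLY_MESSAGE, [])).decode("utf-8", "replace")
    if code == ACCESS_CHALLENGE:
        return ("multi-prompt", prompt)
    if code in (ACCESS_ACCEPT, ACCESS_REJECT):
        return ("single-response", "accept" if code == ACCESS_ACCEPT else "reject")
    raise ValueError(f"unexpected reply code {code}")

# Constructed samples: a password-only login and a one-time-password challenge.
PASSWORD_ONLY = build_reply(ACCESS_ACCEPT, 1, [])
OTP_CHALLENGE = build_reply(ACCESS_CHALLENGE, 2,
                            [(REPLY_MESSAGE, b"Enter one-time code: "), (STATE, b"\x01\x02")])

if __name__ == "__main__":
    for name, pkt in (("password-only", PASSWORD_ONLY), ("otp", OTP_CHALLENGE)):
        print(name, classify(pkt))
```

A directory account whose RADIUS policy produces the "multi-prompt" result needs more than one response, which is the case the RESTful API does not handle.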

As detailed in the following topics, this section describes how to configure Oracle ZFS Storage Appliance for use with RADIUS servers, and how to monitor the RADIUS servers from the appliance: