RADIUS Security
With the RADIUS server up and running, find out the service ports that the RADIUS server is using. The service ports will usually be 1645/udp for authentication and 1646/udp for accounting. To set up RADIUS security:
1. Log on to the RAC as superuser and run admin. Enable security on the RAC by entering:
admin: set annex enable_security y
2. Configure the RADIUS host.
a. Set the RAC’s RADIUS host.
admin: set annex pref_secure1_host <ip addr of radius host>
b. Set the RAC’s service port for authentication on the RADIUS host.
admin: set annex radius_auth1_port <1645 or 1812>
c. Set the RAC’s accounting host.
admin: set annex radius_acct1_host <ip addr of radius acct1 host>
d. Set the RAC’s service port for accounting on the RADIUS acct1 host.
admin: set annex radius_acct1_port <1646 or 1813>
e. Set the authentication protocol on the RAC.
admin: set annex auth_protocol radius
3. Enable the RADIUS client on the RAC.
admin: set annex enable_radius_acct y
Note: The secret entries made in Steps 6 and 7 must be made in the clients file on the RADIUS server for the RAC with the same <secret>.
4. Set the secret authentication password that is shared between the RADIUS host and the RAC.
admin: set annex radius_auth1_secret <secret>
5. Set the secret accounting password that is shared between the RADIUS host and the RAC.
admin: set annex radius_acct1_secret <secret>