Manuals / Tripp Lite / Computer Equipment / Network Card

Tripp Lite B096-016, 93-2879, B096-048 owner manual 119, Radius authentication

Models: 93-2879 B096-016 B096-048

1 224

Download 224 pages 57.82 Kb

Page 119

administrative control over the authentication and authorization processes. TACACS+ allows for a single access control server (the TACACS+ daemon) to provide authentication, authorization, and accounting services independently. Each service can be tied into its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the daemon. There is a draft RFC detailing this protocol. Further information on configuring remote TACACS+ servers can be found at the following sites:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps4911/products_user_guide_chapter09186a0 0800eb6d6.html

http://cio.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt2/sctplu s.htm

9.1.3RADIUS authentication

Perform the following procedure to configure the RADIUS authentication method to be used whenever the Console Server or any of its serial ports or hosts is accessed:

Select Serial and Network: Authentication and check RADIUS or LocalRADIUS or RADIUSLocal or RADIUSDownLocal

Enter the Server Address (IP or host name) of the remote Authentication/ Authorization server. Multiple remote servers may be specified in a comma-separated list. Each server is tried in succession

In addition to multiple remote servers, you can also enter for separate lists of Authentication/Authorization servers and Accounting servers. If no Accounting servers are specified, the Authentication/Authorization servers are used instead

Enter the Server Password

Click Apply. RADIUS remote authentication will now be used for all user access to Console Server and serially or network attached devices

RADIUS The Remote Authentication Dial-In User Service (RADIUS) protocol was developed by Livingston Enterprises as an access server authentication and accounting protocol. The RADIUS server can support a variety of methods to authenticate a user. When it is provided with the username and original password given by the user, it can support PPP, PAP or CHAP, UNIX

119

Image 119

Tripp Lite B096-016, 93-2879, B096-048 owner manual 119, Radius authentication

Contents

Console Server Management Switch Index Failover and OUT-OF-BAND Access Alerts and Logging Authentication System Management Advanced Configuration 16.2 Advanced Control Panel 210 User Notice IntroductionThis Manual FCC InformationManual Organization Management Console Types of usersManual Conventions Publishing history Ports InstallationIntroduction ModelsPower Console Server Management Switch Power connectionKit components B092-016 Console Server with PowerAlert Serial Port connection Power Console Server with PowerAlertNetwork connection Rackmount Console / KVM Connection B092-016 only USB Port ConnectionManagement Console Connection Initial System ConfigurationBrowser connection IP addressPage Initial B092-016 connection Administrator PasswordAt the Management Console menu select System Administration Network IP address Select System AdministrationConfiguration Method 1 IPv6 configuration System Services Page Secure VNC PowerAlertPuTTY Message Changes to configuration succeededCommunications Software SSHTerm Configure Management Switch as a Management LAN gateway Management Network Configuration B096-048/016 onlyPage Page Configure Management Switch for Failover or Broadband OoB Serial Port and Network Host Configuring Serial PortsCommon Settings Console Server Mode Page Page Page Terminal Server Mode SDT ModeDevice RPC, UPS, EMD Mode Serial Bridging Mode Syslog Add/Edit UsersPage Page Network Hosts AuthenticationPage Select Serial & Network Trusted Networks Trusted NetworksCheck Generate SSH keys automatically and click Apply Serial Port CascadingAutomatically generate and upload SSH keys Public Key Select RSA Keys and/or DSA KeysManually generate and upload SSH keys # ssh remhost Configure the Slaves and their serial ports Managing the Slaves Configure dial-in PPP Failover and OUT-OF-BAND AccessOoB Dial-In Access Modem Port Check the Enable Dial-In Access boxMSCHAPv2 Using SDT Connector client for dial-inSet up Windows XP/ 2003/Vista client for dial-in NoneSet up earlier Windows clients for dial-in Broadband Ethernet Failover B096-048/016 only OoB Broadband Access B096-048/016 onlySet up Linux clients for dial-in Page Dial-Out Failover Page Introduction Secure Tunneling and SDT ConnectorSDT Connector Configuration Configuring for SDT Tunneling to HostsRun the set-up program SDT Connector client installationConfiguring a new gateway in the SDT Connector client Page Make an SDT connection through the gateway to a host Manually adding hosts to the SDT Connector gateway Manually adding new services to the new hosts Page Adding a client program to be started for the new service Choosing an alternate SSH client e.g. PuTTY Dial-in configurationPage Page Page Page SDT Connector to Management Console Page Page Pon networkconnection Importing and exporting preferences SDT Connector Public Key AuthenticationSetting up SDT for Remote Desktop Access Desktop Connection Configure the Remote Desktop Connection clientClick Connect Color depth 8, 16 OptionOn a Macintosh client SDT SHH Tunnel for VNC Install, configure and connect the VNC Viewer Page Page Page Select Allow calling computer to specify its own address Set up SDT Serial Ports on Console Server Page Select Alerts & Logging Smtp &SMS Configure SMTP/SMS/SNMP/Nagios alert serviceAlerts and Logging Email alertsSMS alerts Select Alerts & Logging Snmp Snmp alertsNetwork Serial Ports refer to Chapter Activate Alert Events and NotificationsNagios Alerts Alert Add a new alert Page Configuring environment and power alert type 100 Remote Log Storage101 Serial Port LoggingLevel Network TCP or UDP Port Logging102 RPC connection Remote Power Control RPC103 Click Add RPC 104RPC status User power management105 RPC alertsManaged UPS connections Uninterruptible Power Supply Control UPSPower on Power OFF Power Cycle Power Status 106107 108 109 Configure UPS powering the Console Server110 Configuring powered computers to monitor a Managed UPSOverview of Network UPS Tools NUT 111UPS alerts UPS status112 113 Environmental Monitoring114 Connecting the EMDEnvironmental status 115Environmental alerts 116 117 AuthenticationAuthentication Configuration 118 Enter the Server Password119 Radius authentication120 Ldap authentication121 RADIUS/TACACS user configuration122 PAM Pluggable Authentication Modules123 Secure Management Console Access124 125 Nagios IntegrationNagios Overview 126 Central managementCheck Prefer NRPE, Nrpe Enabled and Nrpe Command Arguments Set up distributed Console ServersSelect Serial Port from the Serial & Network menu Click Console Server Mode and select Logging LevelClick New Check and select Check TCP. Select Port Configuring Nagios distributed monitoring Page Select System Nagios and check Nrpe Enabled Enable Nrpe monitoringConfigure selected Serial Ports for Nagios monitoring Enable Nsca monitoringSelect System Nagios and check Nsca Enabled Permitted Service Configure selected Network Hosts for Nagios monitoringConfigure the upstream Nagios monitoring host Sample Nagios configuration Advanced Distributed Monitoring ConfigurationTripplitenrpedaemondep Hostname Tripplite Additional plug-ins Basic Nagios plug-insPage System Management System Administration and ResetUpgrade Firmware Select the Enable NTP checkbox on the Network Time Protocol Configure Date and TimeStatistics Port Access and Active UsersSelect the Status Port Access Status ReportsSelect Status Syslog Support ReportsSyslog Select Alerts & Logging Syslog Remote System LoggingLocal System Logging Port & Host Management ManagementDevice Management Select Manage Terminal Power ManagementSelect Manage Power Serial Port Terminal ConnectionSSH Select Manage KVM Console Server Remote Console Access B092-016 onlyPage Introduction Basic Configuration Linux CommandsDescription Linux Command lineConfig Tool Syntax Options Etc/config/config.xmlAuthentication Configuration Administration ConfigurationSystem Settings Network Time Protocol Date and Time ConfigurationManually Change Clock Settings Static IP ConfigurationTime Zone ATQ0V1H0 Dial-in ConfigurationServices Configuration Serial Port Settings Serial Port ConfigurationUsers Supported Protocol ConfigurationTrusted Networks Remote Serial Port Log Storage Event Logging ConfigurationSDT host TCP Ports Alert ConfigurationPage Config -e Output File Configuration backup and restoreGeneral Linux command usage Http//en.tldp.org/HOWTO/HOWTO-INDEX/howtos.html Introduction Advanced ConfigurationPmshell Advanced PortmanagerPmusers PmchatExternal Scripts and Alerts Portmanager DaemonPage Accessing the Console Port Raw Access to Serial PortsAccess to Serial Ports IP- Filtering Standard IP-Filter configurationEtc/config/ipfilter Customizing the IP-Filter Etc/config/filter-custom Resources Modifying Snmp ConfigurationEtc/config/snmpd.conf Adding more than one Snmp server SSH Overview Secure Shell SSH Public Key Authentication$ ssh-keygen -t rsadsa Generating Public Keys LinuxInstalling SSH Public Key Authentication Linux Installing the SSH Public/Private Keys ClusteringChown fred /etc/config/users/fred/.ssh/authorizedkeys Generating public/private keys for SSH Windows OpenSSH OpenSSH Windows Fingerprinting IT is Possible That Someone is Doing Something Nasty SSH tunneled serial bridgingClient Keys $ ssh-keygen -t rsadsa Authorized Keys SDT Connector Public Key AuthenticationSecure Sockets Layer SSL Support Generating an encryption key HttpsInstalling the key and certificate PowerMan Power Strip ControlTarget Specification Adding new RPC devices PmpowerPage Synopsis IPMItoolDescription Security Commands Ipmitool chassis help Scripts for Managing SlavesSelect Status Support Report Thin Client B092-016 Local Client Service ConnectionsPage Connect- browser Connect- serial terminalConnect- VNC Connect- SSH Connect- Ipmi Connect- Remote Desktop RDP Connect- Citrix ICA OptionSystem Terminal Connect- PowerAlertAdvanced Control Panel Status System Shutdown / RebootSystem Logout CustomRemote control Appendix a Hardware Specification Serial Port Pinout Appendix B Serial Port ConnectivityConnectors included in Console Server Appendix C End User License Agreement Page JSch License Page Page SUN Java License Page Tripp Lite 1111 W th Street Chicago IL 60609 USA Limited WarrantyWarranty Registration 200903108 93-2879EN