Using RADIUS Authentication to Access the ETERNUS AF/DX
-
RADIUS Authentication is used to authenticate logging in to the ETERNUS AF/DX with ETERNUS Web GUI or ETERNUS CLI.
-
Up to two RADIUS servers can be connected to an ETERNUS AF/DX.
-
To use RADIUS Authentication, the user account information (user ID, password, and role) that is allowed to access ETERNUS AF/DX in the RADIUS server must be pre-registered.
-
There are two types of authentication methods: CHAP and PAP.
-
User roles are specified in the Vendor Specific Attribute (VSA) of the Access-Accept response from the server. The following table shows the syntax of the VSA based account role on the RADIUS server.
Syntax of the Vendor Specific Attribute (VSA) Based Account Role
Item |
Size (octets) |
Value |
Description |
---|---|---|---|
Type |
1 |
26 |
Attribute number for the Vendor Specific Attribute |
Length |
1 |
7 or more |
Attribute size (calculated by server) |
Vendor-Id |
4 |
211 |
Fujitsu Limited (SMI Private Enterprise Code) |
Vendor type |
1 |
1 |
Eternus-Auth-Role |
Vendor length |
1 |
2 or more |
Attribute size described after the Vendor type (calculated by server) |
Attribute-Specific |
1 or more |
ASCII characters |
List of one or more role names assignable to successfully authenticated users (*1) |
*1 | : | The server-side role names are case sensitive and must be set correctly. [Example] RoleName0 |