Modify RADIUS
Overview
This function specifies the external server (RADIUS server) that is used for authentication when logging in.
Up to two RADIUS Authentication servers can be registered.
Select "Enable" or "Disable" for RADIUS Authentication of each storage system.
If RADIUS Authentication fails when "No" has been selected for "Recovery Mode" in the RADIUS Setting field, logging in to Web GUI will not be available.
RADIUS Authentication cannot be used when logging in to the Slave CM.
When "Yes (Communication error)" has been selected for "Recovery Mode" in the RADIUS Setting field, Internal Authentication (*1) is performed if authentication fails in both the primary and the secondary servers due to a network error in either or both of the servers.
*1 : This is the standard authentication type. Internal Authentication uses user account information stored in the storage system to verify the input user account.
When using RADIUS Authentication, registering user account information (user ID, password, and role) in RADIUS server is required. For details, refer to the manuals provided with the server.
Even if the RADIUS Authentication function has been changed to "Disable", RADIUS setting information in the storage system is maintained.
User Privileges
Availability of Executions in the Default Role
Default role | Availability of executions |
---|---|
Monitor | |
Admin | |
StorageAdmin | |
AccountAdmin | |
SecurityAdmin | |
Maintainer |
Refer to "User Roles and Policies" for details on the policies and roles.
Settings
In this screen, select enable or disable for RADIUS Authentication, specify the recovery mode, and perform the RADIUS Authentication server settings.
RADIUS Setting
Item | Description | Setting values |
---|---|---|
RADIUS Authentication |
Select whether to "Enable" or "Disable" RADIUS Authentication.
|
Enable Disable (Default) |
Recovery Mode |
When "Enable" has been specified in the "RADIUS Authentication" field, select the desired operation if RADIUS Authentication fails. If RADIUS Authentication fails when "No" has been selected for "Recovery Mode", logging in to Web GUI will not be available. Selecting "Yes" is recommended.
|
Yes (Communication error / Authentication error) (Default) Yes (Communication error) No |
Primary Server (required) / Secondary Server
Item | Description | Setting values |
---|---|---|
Domain Name/IP Address |
Input the domain name or the IP address of the RADIUS server. There are two methods to specify an IP address; "IPv4" and "IPv6". The following IPv6 addresses can be used; "link local address", "global address", "unique local address", or "6to4 address". Refer to "Available IPv6 Address" for details. When the current setting is displayed, the IPv6 address is displayed as an abbreviation. |
For domain name specification Up to 64 alphanumeric characters and symbols For IPv4 address xxx.xxx.xxx.xxx xxx: 1 - 255 for the top field (decimal) xxx: 0 - 255 for other fields (decimal) For IPv6 address xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx xxxx: 0 - ffff (FFFF) (hexadecimal, alphanumeric characters) Refer to "IPv6 Address Notation" for details. |
Port No. |
Input the port number that is used for RADIUS Authentication. |
Numeric characters 1 - 65535 1812 (Default) |
LAN Port |
Select the LAN port from "MNT" or "RMT" that is to be used for RADIUS Authentication. |
MNT (Default) RMT |
Authentication Mode |
Select the authentication method for RADIUS Authentication from "CHAP" and "PAP". |
CHAP (Default) PAP |
Shared Secret |
Input the same Shared Secret as the RADIUS server. |
Up to 64 alphanumeric characters and symbols |
Retry Out Time |
Select the total time (seconds) for waiting for a response from the RADIUS server. The storage system retries authentication during the specified time (seconds), and if there is no response in the specific time, regards the situation as a network error. |
10 20 30 (Default) 40 50 60 |
Operating Procedures
Click [Modify RADIUS] in [Action].
Specify parameters, and click the [Modify] button.
→ A confirmation screen appears.
Caution- An error screen appears in the following conditions:
Each parameter fails to satisfy the input conditions
The primary server is not specified
There is an unspecified parameter for the server
The "Domain Name/IP Address" of the Primary server overlaps with that of the Secondary server
- An error screen appears in the following conditions:
Click the [OK] button.
→ The RADIUS setting starts.
CautionAn error screen appears if the specified IP address of the RADIUS server conflicts with the internal IP address of the storage system.
Click the [Done] button to return to the [Define Role] screen.