Modify RADIUS

Overview

This function specifies the external server (RADIUS server) that is used for authentication when logging in.

Up to two RADIUS Authentication servers can be registered.

Caution

  • Select "Enable" or "Disable" for RADIUS Authentication of each storage system.

  • If RADIUS Authentication fails when "No" has been selected for "Recovery Mode" in the RADIUS Setting field, logging in to Web GUI will not be available.

  • RADIUS Authentication cannot be used when logging in to the Slave CM.

  • When "Yes (Communication error)" has been selected for "Recovery Mode" in the RADIUS Setting field, Internal Authentication (*1) is performed if authentication fails in both the primary and the secondary servers due to a network error in either or both of the servers.

    *1  :  This is the standard authentication type. Internal Authentication uses user account information stored in the storage system to verify the input user account.
Note

  • When using RADIUS Authentication, registering user account information (user ID, password, and role) in RADIUS server is required. For details, refer to the manuals provided with the server.

  • Even if the RADIUS Authentication function has been changed to "Disable", RADIUS setting information in the storage system is maintained.

User Privileges

Availability of Executions in the Default Role

Default role Availability of executions
Monitor  
Admin
StorageAdmin  
AccountAdmin
SecurityAdmin  
Maintainer  

Refer to "User Roles and Policies" for details on the policies and roles.

Settings

In this screen, select enable or disable for RADIUS Authentication, specify the recovery mode, and perform the RADIUS Authentication server settings.

RADIUS Setting

Item Description Setting values

RADIUS Authentication

Select whether to "Enable" or "Disable" RADIUS Authentication.

  • Enable

    Use RADIUS Authentication.

  • Disable

    Use Internal Authentication.

Enable

Disable (Default)

Recovery Mode

When "Enable" has been specified in the "RADIUS Authentication" field, select the desired operation if RADIUS Authentication fails.

If RADIUS Authentication fails when "No" has been selected for "Recovery Mode", logging in to Web GUI will not be available.

Selecting "Yes" is recommended.

  • Yes (Communication error / Authentication error)

    When communication with the RADIUS server fails or communication with the RADIUS server succeeds but authentication fails, internal authentication is performed.

  • Yes (Communication error)

    When communication with the RADIUS server fails, internal authentication is performed.

  • No

    Even when communication with the RADIUS server fails, or communication with the RADIUS server succeeds but authentication fails, internal authentication is not performed.

Yes (Communication error / Authentication error) (Default)

Yes (Communication error)

No

Primary Server (required) / Secondary Server

Item Description Setting values

Domain Name/IP Address

Input the domain name or the IP address of the RADIUS server.

There are two methods to specify an IP address; "IPv4" and "IPv6". The following IPv6 addresses can be used; "link local address", "global address", "unique local address", or "6to4 address". Refer to "Available IPv6 Address" for details. When the current setting is displayed, the IPv6 address is displayed as an abbreviation.

For domain name specification

Up to 64 alphanumeric characters and symbols

For IPv4 address

xxx.xxx.xxx.xxx

xxx: 1 - 255 for the top field (decimal)

xxx: 0 - 255 for other fields (decimal)

For IPv6 address

xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

xxxx: 0 - ffff (FFFF) (hexadecimal, alphanumeric characters)

Refer to "IPv6 Address Notation" for details.

Port No.

Input the port number that is used for RADIUS Authentication.

Numeric characters

1 - 65535

1812 (Default)

LAN Port

Select the LAN port from "MNT" or "RMT" that is to be used for RADIUS Authentication.

MNT (Default)

RMT

Authentication Mode

Select the authentication method for RADIUS Authentication from "CHAP" and "PAP".

CHAP (Default)

PAP

Shared Secret

Input the same Shared Secret as the RADIUS server.

Up to 64 alphanumeric characters and symbols

Retry Out Time

Select the total time (seconds) for waiting for a response from the RADIUS server.

The storage system retries authentication during the specified time (seconds), and if there is no response in the specific time, regards the situation as a network error.

10

20

30 (Default)

40

50

60

Operating Procedures

  1. Click [Modify RADIUS] in [Action].

  2. Specify parameters, and click the [Modify] button.

    → A confirmation screen appears.

    Caution
    • An error screen appears in the following conditions:

      • Each parameter fails to satisfy the input conditions

      • The primary server is not specified

      • There is an unspecified parameter for the server

      • The "Domain Name/IP Address" of the Primary server overlaps with that of the Secondary server

  3. Click the [OK] button.

    → The RADIUS setting starts.

    Caution

    • An error screen appears if the specified IP address of the RADIUS server conflicts with the internal IP address of the storage system.

  4. Click the [Done] button to return to the [Define Role] screen.