Raritan Computer SX4 用户手册
A
PPENDIX
D:
RADIUS
S
ERVER
107
Appendix D: RADIUS Server
Note: This section has been provided for reference only. Please consult your local system administrator
for exact implementation details.
for exact implementation details.
Overview
The details of installing and configuring the RADIUS server software will depend on the Server you are
using. This Appendix covers the installation and configuration of the Windows 2000 RADIUS Server, but
regardless of the implementation, there are several items you must configure:
1. A list of authorized clients and their shared secrets: The RADIUS server must have the IP addresses
using. This Appendix covers the installation and configuration of the Windows 2000 RADIUS Server, but
regardless of the implementation, there are several items you must configure:
1. A list of authorized clients and their shared secrets: The RADIUS server must have the IP addresses
of all authorized RADIUS clients. Along with each client's address is a secret. It is not critical what the
secret is as long as this same secret is also configured into the client (Dominion SX unit). The
RADIUS client and server use the secret to encrypt parts of the packets they send to each other and to
guarantee that the messages and replies are authentic. In Windows 2000 implementations, this file is
called clients. Please refer to Step D. in the Install and Configure the RADIUS Server for Windows
2000 section that follows for more information.
secret is as long as this same secret is also configured into the client (Dominion SX unit). The
RADIUS client and server use the secret to encrypt parts of the packets they send to each other and to
guarantee that the messages and replies are authentic. In Windows 2000 implementations, this file is
called clients. Please refer to Step D. in the Install and Configure the RADIUS Server for Windows
2000 section that follows for more information.
2. A list of authorized users and their configuration information: The RADIUS server must know
passwords, users, what these users are authorized to do after they log in. In Windows 2000
implementations, Administrators can use Active Users and Directory or Local Authentication to add
users. Information about the user is stored as a list of RADIUS protocol attributes and associated
values. These translate directly into the authentication reply the server will send back to the client.
implementations, Administrators can use Active Users and Directory or Local Authentication to add
users. Information about the user is stored as a list of RADIUS protocol attributes and associated
values. These translate directly into the authentication reply the server will send back to the client.
3. Reply items used by Dominion SX Products: The following attributes are used by Dominion SX
products:
•
Vendor-Specific: This Attribute is available to allow Raritan to support more detailed resource control.
To control the number of ports being accessed by a particular user, a new Vendor code is added for
Raritan Systems. The Vendor code takes a value of 8267 and the String to be entered should follow
this format:
Raritan Systems. The Vendor code takes a value of 8267 and the String to be entered should follow
this format:
−
IP Address of the Dominion SX unit separated by a ‘:’
−
Privileges to be given to the user, separated by a ‘:’ Privileges should take one of the following
values:
A for Administrator: has Read and Write access to the console window; can modify the configuration of the
unit.
O for Operator: has Read and Write access to the console window; cannot modify the configuration of the
unit.
OB for Observer: has Read-only access to the console window; cannot modify the configuration of the unit.
unit.
O for Operator: has Read and Write access to the console window; cannot modify the configuration of the
unit.
OB for Observer: has Read-only access to the console window; cannot modify the configuration of the unit.
−
Port number access, taking a value of:
‘*’ indicating access to all the ports.
‘1:2:3’ indicating access to ports 1, 2 and 3 only.
‘1:2:3’ indicating access to ports 1, 2 and 3 only.
Note: For more information and examples, please see Step E. in the Install and Configure the RADIUS
Server for Windows 2000 section that follows.
Server for Windows 2000 section that follows.
•
Service-Type: You must specify characteristics of the service provided to the user by specifying the
desired Service-Type in each user profile. The reply items in each user profile determine how the user's
session is configured on the Dominion SX unit.
session is configured on the Dominion SX unit.