User authentication through RADIUS servers (HNAS server only)

Storage System User Administration Guide for Hitachi NAS Platform

Version: 15.3.x
Part Number: MK-92HNAS013-31

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting management for computers that connect to and use a network service.

RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The SMU acts as a RADIUS client component that communicates with the RADIUS server to validate logins. The RADIUS server is usually a background process running on a Unix or Microsoft Windows server.

RADIUS serves three functions:
  • Authenticates users or devices before granting them access to a network.
  • Authorizes those users or devices for certain network services.
  • Accounts for usage of those services.

RADIUS server compatibility is as follows:
  • For IPv4 only, works with FreeRADIUS 2.1 or Windows 2003 Internet Authentication Service (IAS).
  • For IPv6, requires FreeRADIUS 2.2 or Windows 2008 Network Policy Server (NPS).

Configuring user authentication through a RADIUS server requires the following:

  • The RADIUS server must be set up and operational.
  • The SMU must be able to communicate with the RADIUS server using the network.
  • You must know the RADIUS server's:
    • IP address or DNS name.
    • Authentication port.
    • Shared secret for the SMU.

You can specify and prioritize multiple RADIUS servers for authentication.

Note: The SMU contacts RADIUS servers in order of priority, always trying higher-priority servers before lower-priority servers. You cannot map SMU users to authenticate through a specific RADIUS server. If an incorrect secret or a network problem prevents the SMU from communicating with the highest-priority RADIUS server, the SMU tries the secondary RADIUS server, then the third RADIUS server, and so on until it has tried to contact every RADIUS server in the list.
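
To check the three values listed above (address, authentication port, shared secret) before entering them in the SMU, the following added example sends an RFC 2865 Access-Request to each server in priority order and accepts only a reply whose Response Authenticator verifies against the shared secret. It is not Hitachi's code and does not describe the SMU's internals; the function names and the `(host, port, secret)` tuple layout are assumptions made for illustration.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes):
    req_auth = os.urandom(16)  # Request Authenticator must be unpredictable
    hidden = hide_password(password, secret, req_auth)
    # Attribute 1 = User-Name, attribute 2 = User-Password (type, length, value)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs, req_auth

def reply_is_authentic(reply: bytes, ident: int, req_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(reply) < 20 or reply[1] != ident:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return False
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def udp_exchange(host: str, port: int, packet: bytes, timeout: float = 3.0) -> bytes:
    # getaddrinfo selects IPv4 or IPv6 according to the address or DNS name given
    family, kind, proto, _, addr = socket.getaddrinfo(host, port, type=socket.SOCK_DGRAM)[0]
    with socket.socket(family, kind, proto) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, addr)
        return sock.recvfrom(4096)[0]

def first_answering_server(servers, user: bytes, password: bytes, exchange=udp_exchange):
    """servers: (host, port, secret) tuples in priority order -> (host, code) or None."""
    for host, port, secret in servers:
        ident = os.urandom(1)[0]
        packet, req_auth = build_access_request(ident, user, password, secret)
        try:
            reply = exchange(host, port, packet)
        except OSError:  # timeout, unreachable host, name resolution failure
            continue
        if reply_is_authentic(reply, ident, req_auth, secret):
            return host, reply[0]  # 2 = Access-Accept, 3 = Access-Reject
        # Unverifiable reply: wrong shared secret or spoofed packet; try next server.
    return None
```

A return value of `None` means no listed server produced a verifiable reply, which points at the address, port, shared secret, or network path rather than at the user's credentials.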