Adding a RADIUS server

Storage System User Administration Guide for Hitachi NAS Platform

Version: 15.3.x
Part Number: MK-92HNAS013-31

  1. Navigate to Home > SMU Administration > RADIUS Servers to display the RADIUS Servers page.
  2. Click add to display the Add RADIUS Server page.

    Add RADIUS Server

    Field/Item: Description

    RADIUS server IP address or DNS name: To connect with the RADIUS server, specify an IPv4 or IPv6 address, or a host name (host name is not recommended). An IP address is preferred, both because it eliminates the dependency on the network DNS server(s), and to improve login performance.

    The SMU Network Configuration page (navigate to Home > SMU Administration > SMU Network Configuration) shows the active IP addresses. It is recommended that IPv4 on eth0 and the current IPv6 addresses be added to the "allowed client" list on each RADIUS server. For more information on setting up the SMU Network Configuration for IPv6, see the Network Administration Guide.

    Shared Secret: Specify the shared secret.

    Some RADIUS servers limit the length of the shared secret and require that it consist only of characters that can be typed on a keyboard, which uses only 94 of the 256 possible ASCII characters.

    If the shared secret must be a sequence of keyboard characters, choose shared secrets that are at least 22 characters long and consist of a random sequence of uppercase and lowercase letters, numbers, and punctuation.

    • To ensure a random shared secret, use a computer program to generate a random sequence at least 22 characters long. Windows 2008 Server allows you to generate a shared secret when adding the RADIUS client.
    • The SMU will support a shared secret from 1 up to 128 characters.
    • Use a different shared secret for each RADIUS server-RADIUS client pair.

    Port: Specify the RADIUS server authentication port. The default RADIUS server authentication port is 1812, but you should check with the RADIUS server administrator to make sure that 1812 is the correct port.

    Protocol: The protocol for the RADIUS server.

    Timeout: Specify the timeout, which is the number of seconds the SMU waits before retrying (retrying is re-transmitting the authentication request to the same RADIUS server). The default is 3 seconds. If the timeout is reached and there is no response from the first RADIUS server in the list, the SMU attempts another retry.

    Retry Count: Specify the retry count. The default is 3. When the retry limit is reached, the SMU sends the request to the next RADIUS server in the list. When the retry limit for the second server is reached, the SMU attempts to reach the next server in the list, until there are no more servers to try. If there are no more servers to try, the user cannot be authenticated, and the login fails.

    OK: When you are done making changes, click OK to test connectivity and save the configuration for this RADIUS server and return to the RADIUS Servers page.

    cancel: Exits without saving the configuration.
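
The Shared Secret guidance above, as an added example (not part of the Hitachi guide or any Hitachi tooling): a Python sketch that draws secrets from the 94 keyboard characters with the operating system's CSPRNG, checks an existing secret against the 22-character recommendation and the 128-character SMU limit, and issues a separate secret per server-client pair. The function names, the sample addresses and the client label `smu-eth0` are assumptions made for illustration.

```python
import math
import secrets
import string

# The 94 printable, non-space ASCII characters ("keyboard characters").
KEYBOARD_CHARS = string.ascii_letters + string.digits + string.punctuation
MIN_LEN = 22   # minimum length the guide recommends
MAX_LEN = 128  # longest shared secret the SMU supports


def entropy_bits(length, alphabet_size=len(KEYBOARD_CHARS)):
    """Bits of entropy in a uniformly random secret of this length."""
    return length * math.log2(alphabet_size)


def generate_shared_secret(length=MIN_LEN):
    """Draw each character independently from the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}..{MAX_LEN}")
    return "".join(secrets.choice(KEYBOARD_CHARS) for _ in range(length))


def check_shared_secret(secret):
    """Return the list of problems with an existing secret (empty if none)."""
    problems = []
    if not 1 <= len(secret) <= MAX_LEN:
        problems.append(f"SMU supports 1 to {MAX_LEN} characters")
    elif len(secret) < MIN_LEN:
        problems.append(f"shorter than the recommended {MIN_LEN} characters")
    if any(ch not in KEYBOARD_CHARS for ch in secret):
        problems.append("contains characters outside the 94 keyboard characters")
    return problems


def secrets_for_pairs(servers, client, length=MIN_LEN):
    """One independent secret per RADIUS server / RADIUS client pair."""
    return {(server, client): generate_shared_secret(length) for server in servers}


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), not from the guide.
    pairs = secrets_for_pairs(["192.0.2.10", "2001:db8::10"], client="smu-eth0")
    for (server, client), secret in pairs.items():
        print(f"{server} <-> {client}: {secret}")
    print(f"{MIN_LEN} characters ~ {entropy_bits(MIN_LEN):.1f} bits")
```

A uniformly random 22-character secret over 94 characters carries about 144 bits of entropy, which is why the length recommendation only holds when the sequence is machine-generated rather than chosen by a person.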