Manualshelf

User`s guide

ManualsBrandsAPC ManualsNetwork RouterNetwork Management Card AP9617
51525354555657585960
®
USER’S GUIDE
Network Management Card
57
3. Vendor Specific Attributes (VSAs) can be used instead of the Service-Type
attributes provided by the RADIUS server. VSAs requires a dictionary entry and a
RADIUS users file. In the dictionary file, define the names for the ATTRIBUTE and
VALUE keywords, but not for the numeric values. If you change numeric values,
RADIUS authentication and authorization will fail. VSAs take precedence over
standard RADIUS attributes.
Configuring a RADIUS server on UNIX
®
with shadow passwords
If UNIX shadow password files are used (/etc/passwd) with the RADIUS dictionary files,
the following two methods can be used to authenticate users:
If all UNIX users have administrative privileges, add the following to the RADIUS
“user” file. To allow only Device Users, change the APC-Service-Type to Device.
DEFAULT Auth-Type = System
APC-Service-Type = Admin
Add user names and attributes to the RADIUS “user” file, and verify password
against /etc/passwd. The following example is for users bconners and thawk:
bconners Auth-Type = System
APC-Service-Type = Admin
thawk Auth-Type = System
APC-Service-Type = Device
Supported RADIUS servers
APC supports FreeRADIUS, Microsoft Windows 2000 Server, and Microsoft Windows
2000 RADIUS Server. Other commonly available RADIUS applications may work but
have not been fully tested by APC.