User`s guide
®
USER’S GUIDE
Switched Rack PDU
56
1. Add the IP address of the Rack PDU to the RADIUS server client list (file).
2. Users must be configured with Service-Type attributes unless Vendor Specific
Attributes (VSAs) are defined. If no Service-Type attributes are configured, users
will have read-only access (on the Web interface only).
3. Vendor Specific Attributes (VSAs) can be used instead of the Service-Type
attributes provided by the RADIUS server. VSAs require a dictionary entry and a
RADIUS users file. In the dictionary file, define the names for the ATTRIBUTE and
VALUE keywords, but not for the numeric values. If you change numeric values,
RADIUS authentication and authorization will fail. VSAs take precedence over
standard RADIUS attributes.
Configuring a RADIUS server on UNIX
®
with shadow passwords
If UNIX shadow password files are used (/etc/passwd) with the RADIUS dictionary files,
the following two methods can be used to authenticate users:
• If all UNIX users have administrative privileges, add the following to the RADIUS
“user” file. To allow only Device Users, change the APC-Service-Type to Device.
DEFAULT Auth-Type = System
APC-Service-Type = Admin
• Add user names and attributes to the RADIUS “user” file, and verify password
against /etc/passwd. The following example is for users bconners and thawk:
bconners Auth-Type = System
APC-Service-Type = Admin
thawk Auth-Type = System
APC-Service-Type = Device
See also
For examples of the RADIUS users file with Vendor Specific Attributes (VSAs)
and an example of an entry in the dictionary file on the RADIUS server, see
the APC Security Handbook.
See also
See your RADIUS server documentation for information about the
RADIUS users file, and see the APC Security Handbook for an example.