Service manual
Chapter 3: Security 47
To configure RADIUS authorization on the console server to access the serial ports:
1. In CLI mode, enter the following string.
cli> config physicalports <serial port number> access users/groups <list of users or group names separated by commas>
2. Activate and save your configuration.
To configure an LDAP authentication server:
On the LDAP server, edit the info attribute for the user and add the following syntax.
info: group_name=<Group1>[,<Group2>,...,<GroupN>];
To configure LDAP authorization on the console server to access the serial ports:
1. In CLI mode, enter the following string.
cli> config physicalports <'all' or range/list[1-xx]> access users/groups <list of users or group names separated by commas>
2. Activate and save your configuration.
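The following Python helper is an added example, not part of the manual or the console server software. It audits LDAP info values against the group_name syntax above and previews which users a port's users/groups list would admit. The exact, case-sensitive comparison, the fail-closed handling of malformed values, and all user and group names are assumptions.

```python
import re

# Syntax from the manual: group_name=<Group1>[,<Group2>,...,<GroupN>];
# Assumption: group names contain no comma, semicolon, '=' or whitespace.
_INFO_RE = re.compile(r"group_name=([^,;=\s]+(?:,[^,;=\s]+)*);")

def parse_info_groups(info_value):
    """Return the groups named in an LDAP 'info' value, or raise ValueError."""
    match = _INFO_RE.fullmatch(info_value.strip())
    if match is None:
        raise ValueError(f"not in group_name syntax: {info_value!r}")
    return match.group(1).split(",")

def port_access_allows(access_list, username, info_value):
    """Model a port's users/groups check for one LDAP user."""
    # Assumptions: names compare exactly (case-sensitive) and a malformed
    # info value grants nothing; the manual states neither rule.
    allowed = {n.strip() for n in access_list.split(",") if n.strip()}
    if username in allowed:
        return True
    try:
        return any(g in allowed for g in parse_info_groups(info_value))
    except ValueError:
        return False

def audit(entries, access_list):
    """Return (admitted, malformed) usernames, each sorted."""
    admitted, malformed = [], []
    for username, info_value in entries.items():
        try:
            parse_info_groups(info_value)
        except ValueError:
            malformed.append(username)
        if port_access_allows(access_list, username, info_value):
            admitted.append(username)
    return sorted(admitted), sorted(malformed)

# Constructed sample data (hypothetical users and groups, not from the manual).
SAMPLE_ENTRIES = {
    "alice": "group_name=netops,dbadmins;",
    "bob": "group_name=helpdesk;",
    "carol": "group_name=netops",            # missing trailing ';'
    "dave": "group_name=helpdesk, netops;",  # stray space after comma
}
SAMPLE_ACCESS = "netops,dave"  # value given after 'access users/groups'

if __name__ == "__main__":
    print(audit(SAMPLE_ENTRIES, SAMPLE_ACCESS))
```

Users reported as malformed are the ones to fix on the LDAP server before relying on group-based port access.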
One Time Password (OTP) Authentication
This section describes the procedures required to set up and configure one-time password (OTP) authentication. OPIE (one-time passwords in everything) software on the Cyclades ACS 5000 console server supports OTP authentication to access the serial ports.
OPIE software on the console server supports the OTP authentication method and the OTP/Local fallback option for serial ports. The OTP authentication method is supported for dial-ins through an external modem.
See http://www.freebsd.org/doc/en/books/handbook/one-time-passwords.html for more details about OTP.
OTP authentication configuration tasks
Console server administrators must perform the following tasks to set up and configure OTP.
• Mount the OTP database on any of the following storage units.
Table 3.9: Radius Configuration Parameters (Continued)
Parameter      Value     Description
radiussvctype  <yes/no>  Set to “no” to authorize the ACS console server to retrieve the
                         level of user based on the group_name attribute sent by the
                         RADIUS server. Set to “yes” to authorize the ACS console
                         server to retrieve the level of the user (admin or regular) based
                         on the Service-Type attribute from the RADIUS server.