Specifications
Additional Setup Options
BIG-IPĀ® Reference Guide 12 - 15
2. Create the file /etc/raddb/servers. Each line should contain the host
name of the radius server to connect to, and the secret used by that
server (see Figure 12.7). For security reasons, we recommend that
you use IP addresses instead of host names for the entries in this
file. If you specify a host name for an entry, we recommend that you
add the host name to the /etc/hosts file.
3. Edit the /etc/login.conf file. Locate these lines at the top of the file.
Replace my_radius_server with the hostname of your RADIUS
server. The hostname you specify must also exist in the
/etc/raddb/servers file you created in step 2 (see Figure 12.8).
4. Change the default configuration to include the radius-default
section like this (see Figure 12.9):
5. Before logging out, test the configuration by using SSH to connect
to the BIG-IP. That way you can correct any configuration errors
which could prevent you from logging in to the BIG-IP.
Configuring LDAP login support
To configure the BIG-IP for LDAP authentication, you need to modify the
/etc/login.conf file. You can configure LDAP authentication on the BIG-IP
with LDAP servers that store passwords in encrypted or hashed format, or
you can configure the BIG-IP to handle LDAP servers that use plain text
passwords.
# this is the /etc/raddb/server file
# format is <radius server> <secret>
radius.test.net testing123
Figure 12.7 The location of the secret in /etc/raddb/servers
radius-defaults:auth=passwd:\
:auth-ssh=radius,passwd:\
:radius-server=my_radius_server:
Figure 12.8 The radius-defaults settings for RADIUS authentication
default:\
:path=/bin /usr/bin /usr/contrib/bin:\
:datasize-cur=16M:\
:tc=radius-defaults:
Figure 12.9 Example default settings for RADIUS login support