
Configuring Authentication [OSD]
An administrative user can use the “Authentication” option under Configuration in the OSD to specify an authentication method for the OnSite (under “Unit Authentication”) and to configure authentication servers. You need to identify an authentication server for each authentication method specified for the OnSite, for direct logins to KVM ports, or for logins to serial ports. The authentication servers must be fully configured and available for the OnSite to access over the network. Work with the system administrator of the authentication server to obtain the information you need to enter on the authentication screens.
To Configure an Authentication Method and an Authentication Server for OnSite Logins [OSD]
1.
The “Authentication” screen appears.
2.
The “Authentication Type” screen appears.
3.
See Choosing Among Authentication Methods for an explanation of each method.
The “Authentication” screen appears.
4.
See Tasks for Configuring Authentication Servers for a list of tasks for configuring authentication servers and where the tasks are documented.
TACACSPlus, Local/TACACSPlus, TACACSPlus/Local, or TACACSPlusDownLocal
To Configure a Kerberos Authentication Server [OSD]
Perform the following to identify the authentication server when the OnSite or any of its ports is configured to use either the Kerberos, Local/Kerberos, Kerberos/Local, or KerberosDownLocal authentication method.
Before starting this procedure, find out the following information from the Kerberos server’s administrator:
Work with the Kerberos server’s administrator to ensure that the following types of accounts are set up on the Kerberos server and that the administrators of the OnSite and connected devices know the passwords assigned to the accounts:
If Kerberos authentication is specified for the OnSite, accounts for all users who need to log into the OnSite to administer connected devices.
1.
a.
The Select a Hosts screen appears.
b.
c.
See To Edit a Host [OSD] for the instructions for adding a host.
2.
Time and date synchronization is most easily achieved by setting both to use the same NTP server. See To Enable the NTP Server to Set the Time and Date [OSD] for details about how to use the OSD to specify an NTP server.
a.
3.
a.
AlterPath OnSite login: root
The root prompt appears.
b.
Enter set_timezone.
A list of timezones appears followed by a prompt asking you to enter a number of a timezone.
c.
d.
4.
5.
The “Kerberos Server IP” screen appears.
6.
7.
To Configure an LDAP Authentication Server [OSD]
Perform the following to configure the authentication server when the OnSite or any of its ports is set up to use either the LDAP, Local/LDAP, LDAP/Local, or LDAP/Down Local authentication method. Before starting this procedure, find out the following information from the LDAP server’s administrator:
An administrative user can enter information in the following two fields, but an entry is not required:
Work with the LDAP server’s administrator to ensure that the following types of accounts are set up on the LDAP server and that the administrators of the OnSite and connected devices know the passwords assigned to the accounts:
If LDAP authentication is specified for the OnSite, accounts for all users who need to log in to the OnSite to administer connected devices.
If LDAP authentication is specified for KVM ports, accounts for all users who need administrative access.
(won’t they need to be root users?)
1.
2.
The LDAP Server IP screen appears with the field filled in from the current value in the /etc/ldap.conf file.
3.
The LDAP Domain Name (Search base) screen appears with the field filled in from the current value in the /etc/ldap.conf file.
4.
If the LDAP authentication server uses a different distinguished name for the search base than the one displayed in the LDAP Domain Name field, change the base definition.
The default distinguished name is “dc,” as in dc=value,dc=value. If the distinguished name on the LDAP server is “o,” then replace dc in the base field with o, as in o=value,o=value.
5.
For example, for the LDAP domain name cyclades.com, the correct entry is: dc=cyclades,dc=com.
6.
7.
The changes are stored in /etc/ldap.conf on the OnSite.
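The following check of the saved search base is an added example, not part of the OnSite documentation or software. It assumes /etc/ldap.conf holds `host` and `base` keyword lines (the usual pam_ldap/nss_ldap layout); the function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: verify the search base in an ldap.conf-style file.

# Build a search base from a DNS domain; $2 is the naming attribute
# (default "dc", or "o" when the LDAP server uses o=value,o=value).
domain_to_base() {
    printf '%s\n' "$1" | awk -F. -v a="${2:-dc}" '{
        out = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "") exit 1          # reject empty labels such as "a..b"
            out = out (i > 1 ? "," : "") tolower(a) "=" tolower($i)
        }
        print out
    }'
}

# Print the value of the first uncommented "key value" line in file $1.
ldap_conf_get() {
    awk -v k="$2" 'tolower($1) == k && !found {
        $1 = ""; sub(/^[ \t]+/, ""); v = $0; found = 1
    } END { if (found) print v; else exit 1 }' "$1"
}

# Compare the stored base with the one expected for domain $2 (attribute $3).
# Returns 0 on match, 1 on mismatch, 2 if no base line exists, 3 on bad domain.
check_ldap_base() {
    expected=$(domain_to_base "$2" "${3:-dc}") || return 3
    stored=$(ldap_conf_get "$1" base) || return 2
    # Compare case-insensitively, ignoring spaces around "," and "=".
    norm=$(printf '%s\n' "$stored" | tr 'A-Z' 'a-z' |
           sed 's/ *, */,/g; s/ *= */=/g')
    [ "$norm" = "$expected" ]
}

# Constructed sample file (not taken from a real unit).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample ldap.conf
host 192.0.2.10
base dc=cyclades,dc=com
EOF
if check_ldap_base "$sample" cyclades.com; then
    echo "search base matches cyclades.com"
else
    echo "search base differs from cyclades.com"
fi
rm -f "$sample"
```

On a unit, point `check_ldap_base` at /etc/ldap.conf and pass `o` as the third argument when the server's search base uses o= instead of dc=.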
To Configure a RADIUS Authentication Server [OSD]
Perform the following when the OnSite or any of its ports is configured to use either the RADIUS, Local/RADIUS, RADIUS/Local, or RADIUSDownLocal authentication method.
1.
2.
The first RADIUS screen appears.
3.
4.
The changes are stored in /etc/raddb/server on the OnSite.
To Configure a TACACS+ Authentication Server [OSD]
Perform the following to identify the authentication server when the switch or any of its ports is configured to use either the TACACSPlus, Local/TACACSPlus, TACACSPlus/Local, or TACACSPlusDownLocal authentication method.
1.
2.
The first TACACSPlus screen appears.
3.
4.
The changes are stored in /etc/tacplus.conf on the switch.
To Configure an SMB Authentication Server [OSD]
Perform the following to identify the authentication server if any of the ports is configured to use the SMB authentication method.
1.
2.
The first SMB screen appears.
3.
4.
To Configure an NIS Authentication Server [OSD]
Perform the following to identify the authentication server when the switch or any of its ports is configured to use either the NIS, Local/NIS, NIS/Local, or NISDownLocal authentication method.
1.
2.
The first NIS screen appears.
3.
4.
