Miscellaneous Procedures > Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers > Configuring a RADIUS Authentication Server on the Command Line

Configuring a RADIUS Authentication Server on the Command Line
The following list defines the values to specify when configuring a RADIUS authentication server on the OnSite.
auth1 server[:port] secret [timeout] [retries]
acct1 server[:port] secret [timeout] [retries]
where:
auth1: The first RADIUS authentication server.
acct1: The first RADIUS accounting server.
server: The RADIUS server IP address.
port: Optional. The default port name is “radius” and is looked up through /etc/services.
secret: The shared password required for communication between the OnSite and the RADIUS server.
timeout: How long the authentication server should wait before sending a success or failure response. The default is 3 seconds.
retries: The number of times the RADIUS server is tried before the second defined RADIUS server is contacted. The default is 2.
To Configure a RADIUS Authentication Server on the Command Line
1. On the OnSite, open the /etc/raddb/server file for editing.
2. Make an entry for the RADIUS server (auth1), an accounting server (acct1), and if desired, make an entry for a second RADIUS authentication server (auth2) and for a second accounting server (acct2), by performing the following steps for each server.
a.
b.
c.
d.
e.
The following screen example shows entries that define the RADIUS authentication server and the accounting server to be the same server with the same IP address, sets the secret to cyclades, the timeout to 5 seconds, and the number of retries to 5.
Note: Always configure both parameters auth1 and acct1.
3.
Multiple RADIUS servers can be configured in this file. The servers are tried in the order in which they appear. If a server fails to respond, the next configured server is tried.
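The following added example (not part of the original OnSite documentation or firmware) checks text in the /etc/raddb/server format described above before it is deployed: it applies the documented defaults, confirms that both auth1 and acct1 are present, and flags a secret that is still the documentation sample value or is short. Assumptions: fields are whitespace-separated, lines beginning with # are comments, the function names are hypothetical, the address 192.0.2.10 is a constructed documentation address, and the 16-character threshold follows the preference stated in RFC 2865.

```python
import re

DEFAULT_TIMEOUT, DEFAULT_RETRIES = 3, 2        # defaults stated on this page
KEY_RE = re.compile(r"^(auth|acct)[1-9]\d*$")  # auth1, acct1, auth2, acct2, ...
SYNTAX = "authN|acctN server[:port] secret [timeout] [retries]"
# Constructed sample: 192.0.2.10 is a documentation address, not from the page.
SAMPLE = "auth1 192.0.2.10 cyclades 5 5\nacct1 192.0.2.10 cyclades 5 5\n"

def parse_server_file(text):
    """Parse server-file text into ({key: entry}, [syntax problems])."""
    entries, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: '#' comment lines
            continue
        f = line.split()                       # assumption: whitespace-separated
        nums = f[3:5]                          # optional timeout and retries
        if not KEY_RE.match(f[0]) or not 3 <= len(f) <= 5:
            problems.append(f"line {n}: expected {SYNTAX}")
            continue
        if not all(x.isdigit() for x in nums):
            problems.append(f"line {n}: timeout and retries must be whole numbers")
            continue
        if f[0] in entries:
            problems.append(f"line {n}: duplicate {f[0]} entry")
        host, _, port = f[1].partition(":")
        entries[f[0]] = {
            "host": host, "port": port or "radius", "secret": f[2],
            "timeout": int(nums[0]) if nums else DEFAULT_TIMEOUT,
            "retries": int(nums[1]) if len(nums) > 1 else DEFAULT_RETRIES,
        }
    return entries, problems

def audit(text):
    """Return syntax problems plus configuration findings, as strings."""
    entries, problems = parse_server_file(text)
    for need in ("auth1", "acct1"):            # page note: always configure both
        if need not in entries:
            problems.append(f"{need} is not configured")
    for key, e in sorted(entries.items()):
        if e["secret"].lower() == "cyclades":
            problems.append(f"{key}: secret is the documentation sample value")
        elif len(e["secret"]) < 16:            # RFC 2865 prefers >= 16 octets
            problems.append(f"{key}: secret is shorter than 16 characters")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```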
To Configure User or Group Authorization for Accessing Serial Ports [CLI]
1.
2. Enter the parameters shown in the following screen example, followed by a comma-separated list of usernames or groupnames.
cli > config physicalports serial_port_number access
users/groups comma-separated_list_of_usernames_or_groupnames
3.
cli > config savetoflash
