An administrative user can use the “Authentication” option under Configuration in the OSD to specify an authentication method for the OnSite (under “Unit Authentication”) and to configure authentication servers. You need to identify an authentication server for each authentication method specified for the OnSite, for direct logins to KVM ports, or for logins to serial ports. The authentication servers must be fully configured and available for the OnSite to access over the network. Work with the system administrator of the authentication server to obtain the information you need to enter on the authentication screens.

To Configure an Authentication Method and an Authentication Server for OnSite Logins [OSD]

See Choosing Among Authentication Methods for an explanation of each method.

See Tasks for Configuring Authentication Servers for a list of tasks for configuring authentication servers and where the tasks are documented.

• Kerberos, Local/Kerberos, Kerberos/Local, or KerberosDownLocal
• LDAP, Local/LDAP, LDAP/Local, or LDAPDownLocal
• RADIUS, Local/RADIUS, RADIUS/Local, or RADIUSDownLocal
• TACACSPlus, Local/TACACSPlus, TACACSPlus/Local, or TACACSPlusDownLocal
• NIS, Local/NIS, NIS/Local, or NISDownLocal

To Configure a Kerberos Authentication Server [OSD]

Perform the following to identify the authentication server when the OnSite or any of its ports is configured to use either the Kerberos, Local/Kerberos, Kerberos/Local, or KerberosDownLocal authentication method.

Before starting this procedure, find out the following information from the Kerberos server’s administrator:

Work with the Kerberos server’s administrator to ensure that the following types of accounts are set up on the Kerberos server and that the administrators of the OnSite and connected devices know the passwords assigned to the accounts:
• If Kerberos authentication is specified for the OnSite, accounts for all users who need to log into the OnSite to administer connected devices.
1. Make sure entries for the OnSite and the Kerberos server exist in the OnSite’s /etc/hosts file. See To Edit a Host [OSD] for the instructions for adding a host.
2. Make sure that timezone and time and date settings are synchronized on the OnSite and on the Kerberos server. Time and date synchronization is most easily achieved by setting both to use the same NTP server. See To Enable the NTP Server to Set the Time and Date [OSD] for details about how to use the OSD to specify an NTP server.
AlterPath OnSite login: root
b. Enter set_timezone. A list of timezones appears followed by a prompt asking you to enter a number of a timezone.
[root@kvmnet root]# set_timezone
7. Perform the following to configure the authentication server when the OnSite or any of its ports is set up to use either the LDAP, Local/LDAP, LDAP/Local, or LDAPDownLocal authentication method.

Before starting this procedure, find out the following information from the LDAP server’s administrator:

An administrative user can enter information in the following two fields, but an entry is not required:

Work with the LDAP server’s administrator to ensure that the following types of accounts are set up on the LDAP server and that the administrators of the OnSite and connected devices know the passwords assigned to the accounts:
• If LDAP authentication is specified for the OnSite, accounts for all users who need to log in to the OnSite to administer connected devices.
• If LDAP authentication is specified for KVM ports, accounts for all users who need administrative access
(won’t they need to be root users?)
2. The LDAP Server IP screen appears with the field filled in from the current value in the /etc/ldap.conf file.
3. Supply the IP address of the LDAP server in the LDAP Server IP field and press Enter. The LDAP Domain Name (Search base) screen appears with the field filled in from the current value in the /etc/ldap.conf file.
4. If the LDAP authentication server uses a different distinguished name for the search base than the one displayed in the LDAP Domain Name field, change the base definition. The default distinguished name is “dc,” as in dc=value,dc=value. If the distinguished name on the LDAP server is “o,” then replace dc in the base field with o, as in o=value,o=value. For example, for the LDAP domain name cyclades.com, the correct entry is: dc=cyclades,dc=com.

The changes are stored in /etc/ldap.conf on the OnSite.

To Configure a RADIUS Authentication Server [OSD]

Perform the following when the OnSite or any of its ports is configured to use either the RADIUS, Local/RADIUS, RADIUS/Local, or RADIUSDownLocal authentication methods.
4. The changes are stored in /etc/raddb/server on the OnSite.

To Configure a TACACS+ Authentication Server [OSD]

Perform the following to identify the authentication server when the switch or any of its ports is configured to use either the TACACSPlus, Local/TACACSPlus, TACACSPlus/Local, or TACACSPlusDownLocal authentication method.

The changes are stored in /etc/tacplus.conf on the switch.

Perform the following to identify the authentication server if any of the ports is configured to use the SMB authentication method.
2. Perform the following to identify the authentication server when the switch or any of its ports is configured to use either the NIS, Local/NIS, NIS/Local, or NISDownLocal authentication method.
2.
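
The Kerberos prerequisites (entries in /etc/hosts, synchronized clocks) and the LDAP search base stored in /etc/ldap.conf can be checked from the OnSite's root shell. The script below is an added example, not part of the original manual. Its function names, host names and addresses are hypothetical, and it assumes a standard hosts file layout and "key value" lines in ldap.conf.

```shell
# Added example: pre-flight checks for the Kerberos and LDAP prerequisites.
# Assumes hosts(5) format and "key value" lines (base ...) in ldap.conf.

# hosts_has FILE NAME: succeed if NAME is a hostname or alias in FILE.
hosts_has() {
    awk -v n="$2" 'BEGIN { n = tolower(n) }
        { sub(/#.*/, ""); for (i = 2; i <= NF; i++) if (tolower($i) == n) f = 1 }
        END { exit (f ? 0 : 1) }' "$1"
}

# base_from_domain DOMAIN [ATTR]: print the search base, e.g. dc=a,dc=b.
base_from_domain() {
    printf '%s\n' "$1" | awk -F. -v a="${2:-dc}" '{
        for (i = 1; i <= NF; i++) out = out (i > 1 ? "," : "") a "=" $i
        print out }'
}

# conf_value FILE KEY: print the value of the last "KEY value" line.
conf_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }' "$1"
}

# skew_ok LOCAL SERVER [MAX]: epoch seconds; MAX assumed 300 (usual Kerberos default).
skew_ok() {
    d=$(( $1 - $2 )); [ "$d" -ge 0 ] || d=$(( 0 - d ))
    [ "$d" -le "${3:-300}" ]
}

# preflight HOSTS LDAPCONF ONSITE KDC BASE: return the number of failures.
preflight() {
    fails=0
    for h in "$3" "$4"; do
        hosts_has "$1" "$h" || { echo "FAIL: no hosts entry for $h"; fails=$((fails + 1)); }
    done
    have=$(conf_value "$2" base)
    [ "$have" = "$5" ] || { echo "FAIL: base is '$have', want '$5'"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files (hypothetical names and addresses).
demo() {
    t=$(mktemp -d) || return 1
    printf '192.0.2.10 onsite1\n192.0.2.20 kdc1.example.com kdc1 # KDC\n' > "$t/hosts"
    printf 'host 192.0.2.30\nbase dc=cyclades,dc=com\n' > "$t/ldap.conf"
    preflight "$t/hosts" "$t/ldap.conf" onsite1 kdc1 "$(base_from_domain cyclades.com)"
    rc=$?; rm -rf "$t"; return "$rc"
}
demo && echo "all checks passed"
```

On a real unit, pass /etc/hosts, /etc/ldap.conf and the search base supplied by the LDAP server's administrator to preflight; use base_from_domain with o as the second argument when the server uses o= components.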