Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Configuring connections to RADIUS servers


For RADIUS authentication of an HCP user account, the HCP system must have network access to one or more RADIUS servers. To enable HCP to communicate with RADIUS, each RADIUS server must have at least one IPv4 or IPv6 address that is routable from the [hcp_system] network. To add and manage connections to one or more RADIUS servers, you use the RADIUS page in the HCP System Management Console. To display this page, in the top-level menu, select Security RADIUS.

RoleWebHelp.png

Roles: To add, view, test, and manage connections to RADIUS servers, you need the security role.

For information about RADIUS authentication of HCP user accounts, see User authentication.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Understanding the RADIUS server list


The RADIUS page lists the currently configured RADIUS servers. For each server, the page shows:

The relative order in which HCP contacts the server. For more information about this, see Reordering RADIUS servers.

The hostname of the RADIUS server or the IPv4 or IPv6 address that HCP uses to communicate with the RADIUS server.

The number of the UDP port on which the RADIUS server listens for authentication requests from HCP.

The protocol the RADIUS server uses to authenticate users.

HCP does not limit the number of servers you can add to this list.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Adding a RADIUS server


To add a RADIUS server for remote authentication:

1.On the RADIUS page in the System Management Console, click Add RADIUS Server.

2.In the Add RADIUS Server panel:

oIn the RADIUS Host field, type the hostname of the RADIUS server or the IP address that HCP uses to communicate with the RADIUS server.

If you specify the RADIUS server hostname, then at least one IPv4 or IPv6 address assigned to the RADIUS server must be routable from the [hcp_system] network.

If you specify an IPv4 or IPv6 address assigned to the RADIUS server, then that IP address must be routable from the [hcp_system] network.

NoteWebHelp.png

Note: Optionally, if a RADIUS server has multiple IP addresses that are routable from the [hcp_system] network, you can configure multiple RADIUS server list entries for that server — one list entry for each routable IP address.

oIn the Port field, type the number of the UDP port on which the RADIUS server listens for authentication requests from HCP. Typically, this is port number 1812.

oIn the Shared Secret field, type the text string that serves as a password for communications between HCP and the RADIUS server. The text string can contain any characters, including white space, and can be any length.

oIn the Retries field, type the number of times HCP should try again to contact the RADIUS server before giving up. Valid values are integers greater than or equal to zero.

oIn the Timeout field, type the number of seconds HCP should wait for a response from the RADIUS server before retrying the request. Valid values are integers greater than or equal to zero. A value of 0 tells HCP to wait indefinitely.

oFor Protocol, select the protocol the RADIUS server uses to authenticate users.

3.Click Add RADIUS Server.

TipWebHelp.png

Tip: After adding a RADIUS server, test the connection to it, as described in Testing the connection to a RADIUS server.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Testing the connection to a RADIUS server


You test the connection to a RADIUS server by sending the server a username and password it knows about. HCP indicates that the test was successful if all of these conditions apply:

The connection information is correct.

The RADIUS server is running.

The specified username and password are known to the RADIUS server.

If any of these conditions don’t apply, HCP indicates that the test failed.

NoteWebHelp.png

Note: A successful test does not log the user in.

To test the connection to a RADIUS server:

1.On the RADIUS page in the System Management Console, click the test control ( RadiusServerTestControl.png ) for the server you want to test.

2.In the Test RADIUS Server window:

oIn the Username field, type the username to use for the test.

oIn the Password field, type the password that goes with the specified username.

3.Click Test RADIUS Server.

If the test is successful, the panel displays this message:

Connected to RADIUS server and user was authenticated successfully.

4.When you’re done testing the connection, click Cancel.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Modifying a RADIUS server


To modify a RADIUS server:

1.On the RADIUS page in the System Management Console, click the edit control ( EditControl.png ) for the server you want to modify.

2.In the Edit RADIUS Server window, make the changes you want.

If you leave the Shared Secret field empty, the previously set shared secret remains in effect.

3.Click Update RADIUS Server.

4.Click Close.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Reordering RADIUS servers


When checking a login with remote authentication, HCP contacts the RADIUS servers in the order in which they’re listed on the RADIUS page until one authenticates the user. If none of the servers authenticate the user, the user cannot log in.

You can change the order in which HCP contacts multiple RADIUS servers. If you have configured separate RADIUS server list entries for multiple IP addresses assigned to the same server, you can change the order in which HCP attempts to use those IP addresses to connect to the RADIUS server. To do this, on the RADIUS page in the System Management Console:

To move a RADIUS server hostname or IP address up in the list, click the move up control ( RadiusServerMoveUpControl.png ) for that entry in the RADIUS server list.

To move a a RADIUS server hostname or IP address down in the list, click the move down control ( RadiusServerMoveDownControl.png ) for that entry in the RADIUS server list.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Deleting a RADIUS server


To delete a RADIUS server IP address or hostname from the RADIUS server list:

1.On the RADIUS page in the System Management Console, click the delete control ( DeleteControl.png ) for the RADIUS server IP address or hostname you want to delete.

2.In response to the confirming message, click Delete.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

 

  • Was this article helpful?