Skip to main content
Hitachi Vantara Knowledge

Configuring connections to RADIUS servers

For RADIUS authentication of an HCP user account, the HCP system must have network access to one or more RADIUS servers. To enable HCP to communicate with RADIUS, each RADIUS server must have at least one IPv4 or IPv6 address that is routable from the [hcp_system] network. To add and manage connections to one or more RADIUS servers, you use the RADIUS page in the HCP System Management Console. To display this page, in the top-level menu, select Security RADIUS.

NoteTo add, view, test, and manage connections to RADIUS servers, you need the security role.

Understanding the RADIUS server list

The RADIUS page lists the currently configured RADIUS servers. For each server, the page shows:

  • The relative order in which HCP contacts the server.
  • The hostname of the RADIUS server or the IPv4 or IPv6 address that HCP uses to communicate with the RADIUS server.
  • The number of the UDP port on which the RADIUS server listens for authentication requests from HCP.
  • The protocol the RADIUS server uses to authenticate users.

HCP does not limit the number of servers you can add to this list.

Adding a RADIUS server

To add a RADIUS server for remote authentication:

  1. On the RADIUS page in the System Management Console, click Add RADIUS Server.
  2. In the Add RADIUS Server panel:
    • In the RADIUS Host field, type the host name of the RADIUS server or the IP address that HCP uses to communicate with the RADIUS server.

      If you specify the RADIUS server host name, then at least one IPv4 or IPv6 address assigned to the RADIUS server must be routable from the [hcp_system] network.

      If you specify an IPv4 or IPv6 address assigned to the RADIUS server, then that IP address must be routable from the [hcp_system] network.

      Optionally, if a RADIUS server has multiple IP addresses that are routable from the [hcp_system] network, you can configure multiple RADIUS server list entries for that server — one list entry for each routable IP address.

    • In the Port field, type the number of the UDP port on which the RADIUS server listens for authentication requests from HCP. Typically, this is port number 1812.
    • In the Shared Secret field, type the text string that serves as a password for communications between HCP and the RADIUS server. The text string can contain any characters, including white space, and can be any length.
    • In the Retries field, type the number of times HCP should try again to contact the RADIUS server before giving up. Valid values are integers greater than or equal to zero.
    • In the Timeout field, type the number of seconds HCP should wait for a response from the RADIUS server before retrying the request. Valid values are integers greater than or equal to zero. A value of 0 tells HCP to wait indefinitely.
    • For Protocol, select the protocol the RADIUS server uses to authenticate users.
  3. Click Add RADIUS Server.
TipAfter adding a RADIUS server, test the connection to it.

Testing the connection to a RADIUS server

You test the connection to a RADIUS server by sending the server a username and password it knows about. HCP indicates that the test was successful if all of these conditions apply:

  • The connection information is correct.
  • The RADIUS server is running.
  • The specified user name and password are known to the RADIUS server.

If any of these conditions don’t apply, HCP indicates that the test failed.

NoteA successful test does not log the user in.

Testing the connection to a RADIUS server

Before you begin

To add, view, test, and manage connections to RADIUS servers, you need the security role.

You can test the connection to a RADIUS server.

Procedure

  1. On the RADIUS page in the System Management Console, click the test control (Test control icon) for the server you want to test.

  2. In the Test RADIUS Server window, in the Username field, type the user name to use for the test.

  3. In the Password field, type the password that goes with the specified user name.

  4. Click Test RADIUS Server.

    If the test is successful, the panel displays this message:
    Connected to RADIUS server and user was authenticated successfully.
  5. When you’re done testing the connection, click Cancel.

Modifying a RADIUS server

Before you begin

To add, view, test, and manage connections to RADIUS servers, you need the security role.

Procedure

  1. On the RADIUS page in the System Management Console, click the edit control (Edit control icon) for the server you want to modify.

  2. In the Edit RADIUS Server window, make the changes you want.

    If you leave the Shared Secret field empty, the previously set shared secret remains in effect.
  3. Click Update RADIUS Server.

  4. Click Close.

Reordering RADIUS servers

When checking a login with remote authentication, HCP contacts the RADIUS servers in the order in which they’re listed on the RADIUS page until one authenticates the user. If none of the servers authenticate the user, the user cannot log in.

You can change the order in which HCP contacts multiple RADIUS servers. If you have configured separate RADIUS server list entries for multiple IP addresses assigned to the same server, you can change the order in which HCP attempts to use those IP addresses to connect to the RADIUS server. To do this, on the RADIUS page in the System Management Console:

  • To move a RADIUS server host name or IP address up in the list, click the move up control (move up control icon) for that entry in the RADIUS server list.
  • To move a a RADIUS server host name or IP address down in the list, click the move down control (move down control icon) for that entry in the RADIUS server list.

Deleting a RADIUS server

Before you begin

To add, view, test, and manage connections to RADIUS servers, you need the security role.

Procedure

  1. On the RADIUS page in the System Management Console, click the delete control (Delete control icon) for the RADIUS server IP address or host name you want to delete.

  2. In response to the confirming message, click Delete.

 

  • Was this article helpful?