You can authenticate administrators and Web Portal users using RADIUS or TACACS+ authentication methods.
Before you begin
You must have an external authentication server that provides RADIUS or TACACS+ authentication methods.
The Management Server’s internal user database does not allow external authentication servers to query the administrator account information. To
use external authentication, you must manually create an account both in the SMC for
defining the permissions and in the external directory for logon authentication. The administrator’s user name for the Management
Server and for the directory that the external authentication server uses must match exactly.
For more details about the product and how to configure features, click Help or press F1.
Steps
-
Add one of the following types of server elements to integrate the external server, then define the shared secret used in the
communications in the server element.
-
Add an Access rule that allows traffic from your Management Server to the external authentication server.
-
Select Configuration, then
browse to Network Elements.
-
Browse to .
-
Right-click the Management Server, then select Properties.
-
From the RADIUS Method or TACACS+ Method drop-down list, select the authentication
protocol for authenticating the Management Server’s communications with the external authentication server.
The supported RADIUS authentication protocols are PAP, CHAP, MSCHAP, MSCHAP2, and EAP-MD5.
The supported TACACS+ authentication protocols are ASCII, PAP, CHAP, and MSCHAP.
CAUTION:
To guarantee the security of the SMC, communications between
the Management Server and the external authentication server must remain confidential. We recommend transferring these
connections over secure networks only.
-
(RADIUS Authentication Servers only) Set up the external server for use with the Management Server.
-
Define the Management Server as a RADIUS client on your server.
-
Define the same authentication method on your server as you selected in the Management Server properties in the previous step.
-
In the Management Client, configure RADIUS or TACACS+ authentication in the properties of each Administrator or Web Portal User account.
-
Select
Configuration, then browse to Administration.
-
Select .
-
Right-click an Administrator element, then select Properties.
-
From the Authentication drop-down list, select RADIUS or TACACS+.
-
From the Authentication Method drop-down list, select an Authentication Method element, or click Select to select a different
Authentication Method element.
-
Click OK.