How to Integrate a RADIUS server with cnMaestro

Overview

This document describes how to configure a RADIUS server for cnMaestro user authentication.

RADIUS server details:

  • Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-133-generic x86_64)
  • FreeRADIUS Version 2.1.12

Installation

The FreeRADIUS server can be installed on Ubuntu as follows.

Step 1: Add package dependencies

apt-get update && apt-get install -y gcc make flex bison libwrap0-dev

Step 2: Install server

apt-get install freeradius

Step 1: Configuring FreeRADIUS on Ubuntu

  1. Open the clients.conf file with vi /etc/freeradius/clients.conf and configure the cnMaestro NOC server IP range and shared secret, as in the example below.

[Image: 1.png]

Note: The shared secret in the cnMaestro RADIUS configuration must match the secret in the clients.conf file.

  2. Open the users file with vi /etc/freeradius/users and configure it as in the example below. The Role column must correspond to the Role mapping entries in the cnMaestro RADIUS Authentication entry.

[Image: 3.png]

Note: Here user1, user2, user3 and user4 are the user names, and the value that follows Cleartext-Password is the password. Users log in to cnMaestro with these credentials.

  3. Open the dictionary with vi /etc/freeradius/dictionary and add a new entry, ATTRIBUTE Role, with value 209 and type string.

  4. After configuring, run freeradius -X to start the RADIUS daemon and monitor requests.
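
The three file edits from the steps above, written out in FreeRADIUS 2.x syntax as an added example (not the original post's configuration). The client name, the 192.0.2.0/24 range, the secret, the passwords and the Role values are placeholders, and sending Role as a reply item is an assumption.

```conf
# --- /etc/freeradius/clients.conf ---
# Added example. Keep the range as narrow as the cnMaestro NOC addressing
# allows; every address in it may send requests using this secret.
client cnmaestro-noc {                  # client name is a placeholder
        ipaddr    = 192.0.2.0           # placeholder (documentation range)
        netmask   = 24
        secret    = REPLACE_WITH_LONG_RANDOM_SECRET   # same value as in cnMaestro
        shortname = cnmaestro
}

# --- /etc/freeradius/users ---
# First line of each entry: user name and check item (the password).
# Indented line: reply item returned to cnMaestro (assumed placement).
# Each Role value must equal a Role mapping entry configured in cnMaestro.
user1   Cleartext-Password := "REPLACE_PASSWORD_1"
        Role = "ROLE_VALUE_A"

user2   Cleartext-Password := "REPLACE_PASSWORD_2"
        Role = "ROLE_VALUE_B"

# --- /etc/freeradius/dictionary ---
# Attribute name, number and type as given in step 3.
ATTRIBUTE       Role            209     string
```

With freeradius -X running in the foreground, a login attempt from cnMaestro appears as an Access-Request from an address inside the client range, followed by the reply and the attributes it carries.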

Step 2: Configuring cnMaestro

Navigate to Application > Users > Authentication Servers in the cnMaestro On-Premises UI to create the RADIUS server.

Note: Configure the required fields and Role mappings in accordance with the RADIUS server role values, and make sure the Shared secret value is the same as in the clients.conf file.

Navigate to Application > Users > Authentication and set the Primary Authentication to be the RADIUS server just created. The Secondary Authentication will be automatically set to Local Users, which means that if the RADIUS server is not reachable, the UI can be accessed using the Local Users database (so it is important to change the default password). If you are unable to log into the UI, you can create a One-Time password in the CLI to resolve the issue (see the User Guide for details on Application Account Recovery).

Step 3: Log into cnMaestro

In a separate browser, log into cnMaestro using the new username and password.
