This document presents configuration of RADIUS server for cnMaestro user authentication.
Radius Server Details:
- Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-133-generic x86_64)
- FreeRADIUS Version 2.1.12
The Ubuntu freeradius server can be installed in the following way.
Step 1: Add package dependencies
apt-get update && apt-get install -y gcc make flex bison libwrap0-dev
Step 2: Install server
apt-get install freeradius
Step1: Configuration of freeradius in ubuntu:
- Navigate to clients.conf file using command vi /etc/freeradius/clients.conf and configure the cnMaestro NOC server IP range and secret as in below example
Note: Shared secret in cnMaestro RADIUS configuration should match with secret in clients.conf file
- Navigate to users file using command vi /etc/freeradius/users and configure as in below example. Role column should be in accordance with Role mapping entries in cnMaestro RADIUS Authentication entry.
Note: Here user1, user2, user3, user4 are the user names and the value in correspondence with Cleartext-Password is the password. User needs to use these credentials for Logging in to cnMaestro.
- Navigate to dictionary using command vi /etc/freeradius/dictionary and add a new entry ATTRIBUTE Role with value 209 and type string.
4. After configuring run freeradius –X to start RADIUS daemon and monitor requests
Step 2: Configuring cnMaestro
Navigate to Application > Users > Authentication Servers in the cnMaestro On-Premises UI to create the RADIUS Server
Note: Configure the required fields and Role mappings in accordance with the RADIUS server role values and Make sure Shared secret value is same as in clients.conf file.
Navigate to Application > Users > Authentication and set the Primary Authentication to be the RADIUS server just created. The Secondary Authentication will be automatically set to Local Users, which means if the RADIUS server is not reachable, the UI can be accessed using the Local Users database (so it is important to change the default password). If you are unable to log into the UI, you can create a One-Time password in the CLI in order to resolve the issue. (see the User Guide for details on Application Account Recovery).
Step 3: Log into cnMaestro
In separate browser, log into cnMaestro using new username and password.