Issue
Using Zentyal Linux FreeRADIUS along with APC Network Management Card Devices
Product Line
- Network Management Card 1 - AP9617, AP9618, AP9619
Devices with an embedded Network Management Card 1 include (but are not limited to): Metered/Switched Rack PDUs (AP78XX, AP79XX), Rack Automatic Transfer Switches (AP77XX), Environmental Monitoring Units (AP9320, AP9340, NetBotz 200)
- Network Management Card 2 - AP9630/AP9630CH, AP9631/AP9631CH, AP9635/35CH
Environment
- v3.X.X AOS or higher
- All serial numbers
- RADIUS users
Cause
These instructions are provided as a guide for users utilizing FreeRADIUS v2.1.10, specifically performed on Zentyal Linux 3.3. Other FreeRADIUS installations may benefit from these instructions but have not been specifically tested.
Resolution
Step 1: Creating users
- Go to the office tab on the left-hand pane->User and Computers->Manage. Add the users here:
(Setting the users' passwords here means that you do not have to declare the passwords in the users file.)
Step 2: Adding the RADIUS client
- Go to Gateway->RADIUS. Under General Configuration, add the RADIUS client (the IP/device you want to use RADIUS Authentication on).
- Give your Client a name and enter in the IP address of the device you wish to add. You also add the Shared Secret password in this section. Click on Add to finish adding the RADIUS client. Your RADIUS client is added to the list of RADIUS Clients now.
Step 3: Adding your RADIUS Server to your APC device
- Log into the interface of your APC Network Management Card enabled device. In this example, we will do the configuration via the web interface. It can also be completed via telnet or SSH depending on your model and firmware version.
- v3.X.X, v5.X.X firmware: Go to the Administration tab->Security->RADIUS and modify one of the default server configurations.
- v6.X.X firmware: Go to the Configuration->Security->Remote Users->RADIUS and modify one of the default server configurations.
- Enter in the details of the RADIUS Server and the username/password and check the credentials (the username you test here is one that you added to your user section in Step 1). By default, the user will have read-only access.
Once the RADIUS server is added correctly you will see the following:
Step 4: SSH into your FreeRADIUS server
- When you SSH into your FreeRADIUS server, check the clients.conf file to make sure your devices are listed there. The location of the clients.conf file is under /etc/freeradius. You can see the Shared Secret password in this file for the particular device you added as a RADIUS Client.
- Check the contents of the dictionary.apc file under /usr/share.dictionary.apc.
Step 5: Modifying your Users file for specific users
- Navigate to /etc/freeradius. Type nano users on the command prompt. (This command will allow you to edit the file).
The example screenshot of the users file below indicates that userA has Administrator access and user apc has device access. All other users not defined in this file have read-only access.
- Once you have edited the file, restart the FreeRADIUS service to make sure the syntax is correct. To restart the service, enter the following command:
It will show the following if no errors exist:
Once all the above steps have been performed, log into one of the devices you added as a RADIUS client and test to verify it is authenticating properly.
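The role assignments described in Step 5 can be checked before the service is restarted. The script below is an added example, not part of the original instructions: it parses text in the FreeRADIUS users file syntax and lists entries that grant more than read-only access or that store a password in the file. The attribute name APC-Service-Type and the values Admin, Device and ReadOnly are assumed to match the dictionary.apc checked in Step 4; the sample entries, the password and the function names are constructed for illustration.

```python
import re

# Constructed sample in FreeRADIUS "users" syntax (not the page's own file).
# Roles follow Step 5: userA = Admin, apc = Device, no passwords stored here.
SAMPLE_USERS = """\
userA
    APC-Service-Type = Admin

apc
    APC-Service-Type = Device
"""
# Constructed variant with two mistakes the audit should catch.
RISKY_USERS = """\
userA Cleartext-Password := "changeme"
    APC-Service-Type = Admin

DEFAULT
    APC-Service-Type = Admin
"""
ITEM = re.compile(r'\s*([\w-]+)\s*(:=|==|\+=|=)\s*"?([^",]*)"?')

def parse_users(text):
    """Return {entry name: {"check": {...}, "reply": {...}}}."""
    entries, current = {}, {"check": {}, "reply": {}}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # unindented: entry name + check items
            name, *rest = line.split(None, 1)
            current = entries.setdefault(name, {"check": {}, "reply": {}})
            target, items = current["check"], "".join(rest)
        else:                              # indented: reply items for that entry
            target, items = current["reply"], line
        for attr, _op, value in ITEM.findall(items):
            target[attr] = value.strip()
    return entries

def audit(text):
    """Return least-privilege findings for the APC role assignments."""
    findings = []
    for name, entry in parse_users(text).items():
        role = entry["reply"].get("APC-Service-Type", "ReadOnly")  # card default
        if any("Password" in attr for attr in entry["check"]):
            findings.append(f"{name}: password stored in users file")
        if name == "DEFAULT" and role != "ReadOnly":
            findings.append(f"DEFAULT gives {role} to all otherwise unlisted users")
        elif role == "Admin":
            findings.append(f"{name}: Admin role, confirm it is required")
    return findings
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/freeradius/users").read()).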