...

  • Import Infoblox VSAs (vendor-specific attributes) to the dictionary file on the RADIUS server

  • For third-party RADIUS servers, import the Infoblox vendor file (the Infoblox vendor ID is 7779 and the vendor attribute number for the group name is 9)

  • Define the admin group

  • Associate one or more remote admin accounts with the admin group

  • Add and activate a policy for the admin accounts, but do not associate the policy with a policy group that contains an infoblox-group-info attribute.
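
To confirm that a third-party RADIUS server returns the group name in the form described above, you can decode the Vendor-Specific attribute from a captured reply. The following is an added example, not Infoblox code: it uses the standard RFC 2865 Vendor-Specific layout (attribute type 26) with the vendor ID 7779 and attribute number 9 given above, and assumes the group name is sent as UTF-8 text. The group name "remote-admins" and the sample bytes are constructed.

```python
import struct

VSA_TYPE = 26              # RADIUS Vendor-Specific attribute (RFC 2865, section 5.26)
INFOBLOX_VENDOR_ID = 7779  # vendor ID stated on this page
GROUP_ATTR = 9             # vendor attribute number for the group name (this page)


def encode_group_vsa(group: str) -> bytes:
    """Build the Vendor-Specific attribute that carries the admin group name."""
    data = group.encode("utf-8")  # assumption: value is a text string
    sub = struct.pack("!BB", GROUP_ATTR, 2 + len(data)) + data
    body = struct.pack("!I", INFOBLOX_VENDOR_ID) + sub
    if 2 + len(body) > 255:
        raise ValueError("group name too long for one RADIUS attribute")
    return struct.pack("!BB", VSA_TYPE, 2 + len(body)) + body


def extract_groups(attrs: bytes) -> list[str]:
    """Walk the attribute section of a RADIUS packet; return Infoblox group names."""
    groups, i = [], 0
    while i < len(attrs):
        if len(attrs) - i < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[i + 2:i + a_len]
        i += a_len
        if a_type != VSA_TYPE or len(value) < 4:
            continue  # not a usable Vendor-Specific attribute
        (vendor,) = struct.unpack("!I", value[:4])
        if vendor != INFOBLOX_VENDOR_ID:
            continue  # another vendor's attributes are ignored
        sub, j = value[4:], 0
        while j + 2 <= len(sub):
            s_type, s_len = sub[j], sub[j + 1]
            if s_len < 2 or j + s_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if s_type == GROUP_ATTR:
                groups.append(sub[j + 2:j + s_len].decode("utf-8"))
            j += s_len
    return groups


# Constructed sample: a Reply-Message (type 18) followed by the Infoblox group VSA.
SAMPLE = bytes([18, 4]) + b"ok" + encode_group_vsa("remote-admins")
```

An empty result from `extract_groups` on a reply means the server did not send the group attribute, so the dictionary import or the policy on the RADIUS server is the first thing to check.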

...

You can add multiple RADIUS servers to the group for redundancy. When you do, the appliance tries to connect to the first RADIUS server on the list, and if that server does not respond within the maximum retransmission limit, it tries the next RADIUS server on the list. NIOS tries to connect to each RADIUS server in the order the servers are listed. If it does not receive a response within the configured timeout period and has tried to connect the number of times specified by the retry value, it tries the next RADIUS server on the list. It logs an error to syslog when it fails to connect to any of the servers in the group.

After you add a RADIUS server to the NIOS appliance, you can validate the configuration. The appliance uses a pre-defined username and password when it tests the connection to the RADIUS server. The pre-defined username is "Infoblox_test_user" and the password is "Infoblox_test_password". Do not use these as your administrator username and password.

To configure a RADIUS authentication server group:

  1. From the Administration tab, click the Authentication Server Groups tab.

  2. Click the Add icon in the RADIUS Services subtab.

  3. In the Add RADIUS Authentication Service wizard, complete the following:

    • Name: Enter the name of the server group.

    • RADIUS Servers: Click the Add icon and enter the following:

      • Server Name or IP Address: Enter the FQDN or the IP address of the RADIUS server that is used for authentication.

      • Comment: Enter additional information about the RADIUS server.

      • Authentication Port: The destination port on the RADIUS server. The default is 1812. This field is required only if you do not enable accounting on the RADIUS server. This field is not required if you enable accounting to configure an accounting-only RADIUS server.

      • Authentication Type: Select either PAP or CHAP from the drop-down list. The default is PAP.

      • Shared Secret: Enter the shared secret that the NIOS appliance and the RADIUS server use to encrypt and decrypt their messages. This shared secret is a value that is known only to the NIOS appliance and the RADIUS server.

      • Enable Accounting: Select this to enable RADIUS accounting for the server so you can track an administrator's activities during a session. When you enable accounting, you must enter a valid port number in the Accounting Port field.

      • Accounting Port: The destination port on the RADIUS server. The default is 1813.

      • Connect through Management Interface: Select this so that the NIOS appliance uses the MGMT port for administrator authentication communications with just this RADIUS server.

      • Disable server: Select this to disable the RADIUS server if, for example, the connection to the server is down and you want to stop the NIOS appliance from trying to connect to this server.

      • Click Test to test the configuration. If the NIOS appliance connects to the RADIUS server using the configuration you entered, it displays a message confirming the configuration is valid. If it is unable to connect to the RADIUS server, the appliance displays a message indicating an error in the configuration.

      • Click Add to add the server to the list.

When you add multiple RADIUS servers, the appliance lists the servers in the order you added them. This list also determines the order in which the NIOS appliance attempts to contact a RADIUS server. You can move a server up or down the list by selecting it and clicking the up or down arrow.
You can also delete a RADIUS server by selecting it and clicking the Delete icon.

...