HP StorageWorks 2/16V HP StorageWorks Fabric OS 5.X Procedures User Guide (AA- - Page 48
Windows 2000, Enabling clients, Enabling CHAP
View all HP StorageWorks 2/16V manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 48 highlights
Enabling clients Clients are the switches that use the RADIUS server; each client must be defined. By default, all IP addresses are blocked. On dual-CP switches (Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director), the switch sends its RADIUS request using the IP address of the active CP. When adding clients, add both the active and standby CP IP addresses so that users can still log in, in case of a failover. 1. Open the $PREFIX/etc/raddb/client.config file in a text editor and add the switches that are to be configured as RADIUS clients. For example, to configure the switch at IP address 10.32.170.59 as a client: client 10.32.170.59 secret = Secret shortname = Testing Switch nastype = other In this example, shortname is an alias used to easily identify the client and Secret is the shared secret between the client and server. Make sure that the shared secret matches that configured on the switch (see "Adding a RADIUS server to the switch configuration" on page 51). 2. Save the file $PREFIX/etc/raddb/client.config and then start the RADIUS server as follows: $PREFIX/sbin/radiusd Windows 2000 Configuring RADIUS service on Windows 2000 consists of the following tasks: • Installing Internet Authentication Service (IAS). For more information and instructions on installing IAS, see the Microsoft® web site. • Enabling the Challenge Handshake Authentication Protocol (CHAP). If CHAP authentication is required, Windows must be configured to store passwords with reversible encryption. Reverse password encryption is not the default behavior; it must be enabled. NOTE: If a user is configured prior to enabling reverse password encryption, the user's password is stored and cannot use CHAP. To use CHAP, the password must be reentered after encryption is enabled. If the password is not reentered, CHAP authentication does not work and the user is then unable to authenticate from the switch. • Configuring a user: IAS is the Microsoft implementation of a RADIUS server and proxy. IAS uses the Windows native user database to verify user login credentials; it does not list specific users, but instead lists user groups. Each user group should be associated with a specific switch login role. For example, configure a user group for root, admin, factory, switchAdmin, and user, and then add any users whose logins you want to associate to the appropriate group. Enabling CHAP 1. From the Windows Start menu, select Programs > Administrative Tools > Local Security Policy to open the Local Security Settings window. 2. In the Local Security Settings window, expand the Account Policies folder and select the Password Policy folder. 3. From the list of policies in the Password Policy folder, right-click Store password using reversible encryption for all users in the domain, and select Security from the pop-up menu. An additional Local Security Settings window opens. 4. Select the Enabled radio button and then click OK. 48 Configuring standard security features