Configuring Radius Server Support With Windows 2000 - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

Save the file $PREFIX/etc/raddb/client.config and then start the RADIUS server as follows:
$PREFIX/sbin/radiusd

Configuring RADIUS server support with Windows 2000

The instructions for setting up RADIUS on a Windows 2000 server are listed here for your convenience but
are not guaranteed to be accurate for your network environment. Always check with your system
administrator before proceeding with setup.
NOTE: All instructions involving Microsoft Windows 2000 can be obtained from www.microsoft.com or
Microsoft documentation. Confer with your system or network administrator prior to configuration for any
special needs you network environment may have.
Configuring RADIUS service on Windows 2000 consists of the following tasks:
1. Installing internet authentication service (IAS)
For more information and instructions on installing IAS, see the Microsoft website.
2. Enabling the Challenge Handshake Authentication Protocol (CHAP)
If CHAP authentication is required, Windows must be configured to store passwords with reversible
encryption. Reverse password encryption is not the default behavior; it must be enabled.
If a user is configured prior to enabling reverse password encryption, the user's password is stored and
cannot utilize CHAP. To use CHAP, the password must be re-entered after encryption is enabled. If the
password is not re-entered, CHAP authentication will not work and the user will be unable to
authenticate from the switch.
3. Configuring a user
IAS is the Microsoft implementation of a RADIUS server and proxy
database to verify user login credentials; it does not list specific users, but instead lists user groups.
Each user group should be associated with a specific switch login role. For example, you should
configure a user group for root, admin, factory, switchadmin, and user, and then add any users whose
logins you want to associate to the appropriate group.
4. Configuring the server
For more information and instructions on configuring the server, see the Microsoft website. Below is the
information you will need to configure the RADIUS server for a HP StorageWorks switch. A client is the
device that uses the RADIUS server; in this case, it is the switch.
a. For the Add RADIUS Client window, provide the following:
Client address (IP or DNS)—Enter the IP address of the switch.
Client-Vendor—Select RADIUS Standard.
Shared secret—Provide a password. Shared secret is a password used between the client device
and server to prevent IP address spoofing by unwanted clients. Keep your shared secret password in
a safe place. You will need to enter this password in the switch configuration.
After clicking Finish, add a new client for all switches on which RADIUS authentication will be used.
b. In the Internet Authentication Service window, right-click the Remote Access Policies folder; then
select New Remote Access Policy from the pop-up window.
A remote access policy must be created for each login role (Root, Admin, Factory, SwitchAdmin,
and User) for which you want to use RADIUS. Apply this policy to the user groups that you already
created.
c. In the Vendor-Specific Attribute Information window, enter the vendor code value 1588. Click Yes,
then click Configure Attribute.
d. In the Configure VSA (RFC compliant) window, enter the following values and click OK.
Vendor-assigned attribute number—Enter the value 1.
Attribute format—Enter String.
Attribute value—Enter the login role (Root, Admin, SwitchAdmin, User, etc.) the user group must use
to log in to the switch.
76 Managing user accounts
.
IAS uses the Windows native user