Extreme Networks ExtremeWare 7.2e Installation And User Manual page 173

When you configure the Cistron server for use with Extreme switches, you must pay close attention to
the users file setup. The Cistron RADIUS dictionary associates the word Administrative-User with
Service-Type value 6, and expects the Service-Type entry to appear alone on one line with a leading tab
character.
The following is a user file example for read-write access:
adminuser Auth-Type = System
Service-Type = Administrative-User,
Filter-Id = "unlim"
Livingston (Lucent) RADIUS
Livingston RADIUS is produced by Lucent Technologies primarily for use with their portmaster
products. Version 2.1 is released under a BSD license agreement and can be found at
ftp://ftp.livingston.com/pub/le/radius/radius21.tar.Z. As with Cistron RADIUS, the Livingston server
default dictionary associates Administrative-User with Service-Type value 6. The administrative users
file entry example for Cistron RADIUS also works with Livingston RADIUS.
RSA Ace
For users of their SecureID product, RSA offers RADIUS capability as part of their ACE server software.
With some versions of ACE, the RADIUS shared-secret is incorrectly sent to the switch resulting in an
inability to authenticate. As a work around, do not configure a shared-secret for RADIUS accounting
and authentication servers on the switch.
Limiting Max-Concurrent Sessions with Funk Software's Steel Belted Radius
For users who have Funk Software's Steel Belted Radius (SBR) server, it is possible to limit the number
of concurrent login sessions using the same user account. This feature allows the use of shared user
accounts, but limits the number of simultaneous logins to a defined value. Using this feature requires
Funk Software Steel-Belted-Radius for Radius Authentication & Accounting.
Complete the following two steps to limit the maximum concurrent login sessions under the same user
account:
1 Configure Radius and Radius-Accounting on the switch
The Radius and Radius-Accounting servers used for this feature must reside on the same physical
Radius server. Standard Radius and Radius-Accounting configuration is required as described earlier
in this chapter.
2 Modify the Funk SBR 'vendor.ini' file and user accounts
To configure the Funk SBR server, the file 'vendor.ini' must be modified to change the Extreme
Networks configuration value of 'ignore-ports' to yes as shown in the example below:
vendor-product
dictionary
ignore-ports
port-number-usage
help-id
ExtremeWare 7.2e Installation and User Guide
= Extreme Networks
= Extreme
= yes
= per-port-type
= 2000
Authenticating Users Using RADIUS or TACACS+
173