Extreme Networks ExtremeWare XOS Guide Manual page 245

The following is a user file example for read-write access:
adminuser Auth-Type = System
Service-Type = Administrative-User,
Filter-Id = "unlim"
RSA Ace
For users of their SecureID product, RSA offers RADIUS capability as part of their ACE server software.
With some versions of ACE, the RADIUS shared-secret is incorrectly sent to the switch resulting in an
inability to authenticate. As a work around, do not configure a shared-secret for RADIUS accounting
and authentication servers on the switch.
Limiting Max-Concurrent Sessions with Funk Software's Steel Belted Radius
For users who have Funk Software's Steel Belted Radius (SBR) server, it is possible to limit the number
of concurrent login sessions using the same user account. This feature allows the use of shared user
accounts, but limits the number of simultaneous logins to a defined value. Using this feature requires
Funk Software Steel-Belted-Radius for Radius Authentication & Accounting.
Complete the following two steps to limit the maximum concurrent login sessions under the same user
account:
1 Configure Radius and Radius-Accounting on the switch
The Radius and Radius-Accounting servers used for this feature must reside on the same physical
Radius server. Standard Radius and Radius-Accounting configuration is required as described earlier
in this chapter.
2 Modify the Funk SBR 'vendor.ini' file and user accounts
To configure the Funk SBR server, the file 'vendor.ini' must be modified to change the Extreme
Networks configuration value of 'ignore-ports' to yes as shown in the example below:
vendor-product
dictionary
ignore-ports
port-number-usage
help-id
After modifying the 'vendor.ini' file, the desired user accounts must be configured for the Max-
Concurrent connections. Using the SBR Administrator application, enable the check box for 'Max-
Concurrent connections' and fill in the desired number of maximum sessions.
Extreme RADIUS
Extreme Networks provides its users, free of charge, a radius server based on Merit RADIUS. Extreme
RADIUS provides per-command authentication capabilities in addition to the standard set of radius
features. Source code for Extreme RADIUS can be obtained from the Extreme Networks Technical
Assistance Center and has been tested on Red Hat Linux.
When Extreme RADIUS is up and running, the two most commonly changed files will be users and
profiles. The users file contains entries specifying login names and the profiles used for per-command
authentication after they have logged in. Sending a HUP signal to the RADIUS process is sufficient to
ExtremeWare XOS 11.1 Concepts Guide
= Extreme Networks
= Extreme
= yes
= per-port-type
= 2000
Authenticating Users Using RADIUS or TACACS+
245