Partners Blog Contact Us

Super Admin: Configuring RADIUS

Follow

This article describes the following sections related to configuring radius:

Disabling FIPS Mode 

RADIUS configuration is allowed only when the Vidyo server has FIPS disabled. If FIPS is enabled, follow the procedures in this section to disable it. If FIPS is already disabled, then proceed to the Enabling RADIUS section.

To disable FIPS mode:

  1. Log in to the System Console.

    Press the Enter key after each prompt.

  2. Enter m for more options.
  3. Enter A for Advanced Options.

    Disabling_FIPS_Mode_1.png
  4. Enter 1 to disable FIPS mode.

    This setting toggles between disable and enable states.
    A message displays stating the following: CDR access and RADIUS authentication are allowed with FIPS-mode disabled.

  5. Enter y to verify disabling FIPS mode.

    Disabling_FIPS_Mode_2.png
  6. Press the Enter key on your keyboard to return to the Advanced Options menu.

Enabling RADIUS

The Remote Authentication Dial-In User Service (RADIUS) can be enabled for VidyoPortal, VidyoRouter, and VidyoGateway servers. This configuration is optional and you do not have to install it unless you plan on using RADIUS.

To enable RADIUS:

  1. Log in to the System Console.

    Press the Enter key after each prompt.

  2. Enter 19 to access the User Maintenance menu.
  3. Enter D to select the RADIUS Authentication option.
  4. Enter y for the change settings prompt.
  5. Enter y for the confirm enable radius prompt.

    Enabling_RADIUS_1.png
  6. Enter the IP or FQDN of the RADIUS server or leave blank to cancel.
  7. Enter the preshared key for the RADIUS server.
  8. Enter the IP or FQDN for additional RADIUS servers or leave blank to finish.

    A maximum of 10 RADIUS servers are supported.

  9. Enter the preshared key for the additional RADIUS server.
  10. Enter the IP or FQDN for additional RADIUS server or leave blank to finish.

    In the following screenshot, two RADIUS servers were configured causing this prompt to display. This prompt will only display if two or more RADIUS servers are being configured. If you do not have additional RADIUS servers to configure, leave blank to finish.



    RADIUS is enabled.
  11. Press any key on your keyboard to return to the User Maintenance menu.

    Enabling_RADIUS_2.png

You should always review the new RADIUS-enabled account for accuracy.

You should always review your RADIUS server configurations for accuracy.

Viewing the Current RADIUS Configuration

To view the current RADIUS configuration:

  1. Log in to the System Console.

    Press the Enter key after each prompt.

  2. Enter D to select the RADIUS Authentication option.

    The RADIUS server configurations display.
  3. Enter n for the change settings prompt if the configuration does not need to be modified.

    Enter y for the change settings prompt if the configuration needs to be modified, and proceed to step 4 in Modifying the RADIUS Configuration.



    Viewing_the_Current_RADIUS_Configuration_1.png

To view a RADIUS-enabled account:

  1. Log in to the System Console.

    Press the Enter key after each prompt.

  2. Enter 19 to access the User Maintenance menu.
  3. Enter C to select the Show User(s) option.

    A list of current users in the system displays. If the new user is set up incorrectly, then proceed to the Removing a RADIUS-Enabled Account section.

    Viewing_a_RADIUS-Enabled_Account.png
  4. Press any key on your keyboard to return to the User Maintenance menu.

Modifying the RADIUS Configuration

To modify the RADIUS configuration:

  1. Log in to the System Console.

    Press the Enter key after each prompt.

  2. Enter D to select the RADIUS Authentication option.

    The RADIUS server configurations display.
  3. Enter y for the change settings prompt if the configuration needs to be modified.

    If you enter y for the change settings prompt, then all RADIUS server configurations will need to be re-entered.

  4. Re-enter the IP or FQDN of the RADIUS server or leave blank to cancel.
  5. Re-enter the preshared key for the RADIUS server.
  6. Re-enter the IP or FQDN for additional RADIUS servers or leave blank to finish.

    A maximum of 10 RADIUS servers are supported.

  7. Re-enter the preshared key for the additional RADIUS server.
  8. Re-enter the IP or FQDN for any additional RADIUS server or leave blank to finish.

    In the following screenshot, two RADIUS servers were configured causing this prompt to display. This prompt will only display if two or more RADIUS servers are being configured. If you do not have additional RADIUS servers to configure, leave blank to finish.



    RADIUS is enabled.
  9. Press any key on your keyboard to return to the User Maintenance menu.

    Modifying.png

 

Creating a RADIUS-Enabled Account

To create a RADIUS-enabled account:

  1. Log in to the System Console.

    Press the Enter key after each prompt.

  2. Enter A for Advanced Options.
  3. Enter a unique username.

    The username must match your RADIUS User ID.
  4. Enter y for the confirm changes prompt.
  5. Enter y for the user to be authenticated via RADIUS prompt.

    Enter n if you do not want the user to be authenticated via RADIUS, and proceed to Creating a Local System Console Account.


    Creating_a_RADIUS-Enabled_Account_1.png

Disabling RADIUS Authentication

To disable RADIUS authentication:

  1. Log in to the System Console.

    Press the Enter key after each prompt.

  2. Enter 19 to access the User Maintenance menu.
  3. Enter D to select the RADIUS Authentication option.

    Details about the RADIUS server display.
  4. Enter y for the change settings prompt.
  5. Enter n for the leave RADIUS enabled prompt.

    RADIUS is disabled.
  6. Press any key on your keyboard to return to the User Maintenance menu.

    Disabling_RADIUS_Authentication_1.png

 

Removing a RADIUS-Enabled Account

To remove a RADIUS-enabled account:

  1. Log in to the System Console.

    Press the Enter key after each prompt.

  2. Enter B to select the Remove User option.
  3. Enter the username to be removed.
  4. Enter y for the confirm changes prompt.

    Removing_a_RADIUS-Enabled_Account_1.png

 

Creating a Local System Console Account

To create a local System Console account:

  1. Log in to the System Console.

    Press the Enter key after each prompt.

  2. Enter A for Advanced Options.
  3. Enter a unique username.
  4. Enter y for the confirm changes prompt.
  5. Enter n for the user to be authenticated via RADIUS prompt.
  6. Enter password for the current UNIX password.

    Enter a unique password that follows these password complexity requirements:

    • The password should not be based on the dictionary.
    • The password should not be too similar to the old password.
    • The default setting is at least three characters should be different from the old password.
    • The password should not be too simple or too short.
    • The algorithm here is a point system to satisfy the minimum password length (the default length is eight characters). The password gets extra points if it contains a number, upper case, lower case, or special character. Each point is equivalent to one character.
    • The password should not be a case change of the old password or should not be the reverse of the old password.
  7. Re-enter your new password for the retype new UNIX password prompt.

    If the passwords don’t match, you’ll be prompted to try again. If the passwords match, the System Console menu opens immediately.

When you need to reset the password, use 13. Set 'admin' password. However, if you are logged in with a RADIUS-enabled account and need to use this option, then your account will be converted back to a local System Console account with the standard default password at the next login.

 

Local_System_Console.png

In addition, when using the emergency user functionality with a RADIUS-enabled account, the account will be converted back to a local System Console account as well.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.