RADIUS Authentication

The Remote Authentication Dial-In User Service (RADIUS) networking protocol operates on port 1812. RADIUS provides centralized authentication, authorization, and accounting management for users who connect to and use a network service. RADIUS can be used as an external authentication service to log in to Harmony Controller. A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers.

To configure the Harmony Controller attribute on RADIUS servers

You must add the Harmony Controller attribute under /usr/share/freeradius/dictionary.a10. The following procedure applies to a FreeRADIUS server or client. However, you can follow the same method to configure the attribute on servers such as OneLogin.

  1. Install FreeRADIUS or any other RADIUS client or server.

  2. Add $INCLUDE /usr/share/freeradius/dictionary.a10 to the dictionary file at /etc/radius/dictionary.

  3. Create a file dictionary.a10 at /usr/share/freeradius/dictionary.a10 and add the following content.

# A10-Networks dictionary
# Created by Software Tools of A10 Networks.
#

VENDOR A10-Networks 22610
BEGIN-VENDOR A10-Networks

#
#       Admin
#
#
ATTRIBUTE       A10-Admin-Access-Type                   4       string
ATTRIBUTE       A10-Admin-Role                          5       string
ATTRIBUTE       A10-AX-AUTH-URI                         6       string
ATTRIBUTE       A10-Harmony-Access-Groups               100     string


#VALUE           A10-Admin-Privilege             Read-only-Admin                1
#VALUE           A10-Admin-Privilege             Read-write-Admin               2
#VALUE           A10-Admin-Privilege             System-Admin                   3
#VALUE           A10-Admin-Privilege             Network-Admin                  4
#VALUE           A10-Admin-Privilege             Network-Operator               5
#VALUE           A10-Admin-Privilege             Slb-Service-Admin              6
#VALUE           A10-Admin-Privilege             Slb-Service-Operator           7
#VALUE           A10-Admin-Privilege             Partition-Read_write           8
#VALUE           A10-Admin-Privilege             Partition-Network-Operator     9
#VALUE           A10-Admin-Privilege             Partition-SlbService-Admin     10
#VALUE           A10-Admin-Privilege             Partition-SlbService-Operator  11
#VALUE           A10-Admin-Privilege             Partition-Read-Only            12


END-VENDOR A10-Networks

  4. Add the Harmony Controller IP address or other networks as RADIUS clients in the configuration file at /etc/raddb/clients.conf.

  5. Configure the user and access group by editing the users file at /etc/raddb/users. The following example shows the attribute with the default root provider.

# users file entry: user name and check item on the first line, reply attribute indented below
"Provider User" Cleartext-Password := "password"
        A10-Harmony-Access-Groups = "root:hc_provider_admin-root|p8:hc_provider_admin-p8|p1:hc_provider_admin-p1"
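
When checking a packet capture or debug output to confirm that the server really returns the access-group attribute, it helps to know its byte layout. The following is an added example, not part of the original documentation or of A10's code: it encodes and decodes A10-Harmony-Access-Groups as an RFC 2865 Vendor-Specific attribute using the vendor ID and attribute number from dictionary.a10. It assumes the standard one-octet type and one-octet length vendor format, since the dictionary declares no other; the function names and the sample attribute list are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26            # RFC 2865 section 5.26
A10_VENDOR_ID = 22610           # "VENDOR A10-Networks 22610" in dictionary.a10
HARMONY_ACCESS_GROUPS = 100     # "ATTRIBUTE A10-Harmony-Access-Groups 100 string"


def encode_vsa(vendor_id: int, vendor_type: int, value: str) -> bytes:
    """Build one Vendor-Specific attribute holding a single string sub-attribute."""
    data = value.encode("utf-8")
    if len(data) > 255 - 8:     # 1-octet length: 2 header + 4 vendor id + 2 sub-header
        raise ValueError("value does not fit in a single VSA (max 247 bytes)")
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub


def decode_vsas(attrs: bytes) -> list:
    """Return (vendor_id, vendor_type, value_bytes) for every VSA sub-attribute."""
    found, i = [], 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("attribute header truncated or length out of range")
        atype, alen = attrs[i], attrs[i + 1]
        body = attrs[i + 2:i + alen]
        if atype == VENDOR_SPECIFIC:
            if len(body) < 6:
                raise ValueError("VSA too short for vendor id and sub-attribute")
            vendor_id, j = struct.unpack("!I", body[:4])[0], 4
            while j < len(body):
                if len(body) - j < 2 or body[j + 1] < 2 or j + body[j + 1] > len(body):
                    raise ValueError("sub-attribute length out of range")
                found.append((vendor_id, body[j], body[j + 2:j + body[j + 1]]))
                j += body[j + 1]
        i += alen
    return found


def harmony_access_groups(attrs: bytes):
    """Extract A10-Harmony-Access-Groups from an attribute list, or None if absent."""
    for vendor_id, vendor_type, value in decode_vsas(attrs):
        if (vendor_id, vendor_type) == (A10_VENDOR_ID, HARMONY_ACCESS_GROUPS):
            return value.decode("utf-8")
    return None


# Constructed sample: a Reply-Message (type 18) followed by the value from the users file.
GROUPS = "root:hc_provider_admin-root|p8:hc_provider_admin-p8|p1:hc_provider_admin-p1"
SAMPLE = bytes([18, 4]) + b"ok" + encode_vsa(A10_VENDOR_ID, HARMONY_ACCESS_GROUPS, GROUPS)
```

In a capture, the attribute therefore starts with type 26, followed by its length, the vendor ID bytes 00 00 58 52, and the vendor type 100.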

To configure RADIUS authentication for a new provider

  1. Log in to Harmony Controller as super-admin.

  2. Create a new provider and activate the provider-admin user account. On the activation page, the user can set the authentication type for the provider.

    _images/Radius.png

  3. Select RADIUS from the Select Authentication drop-down. Enter the comma-separated RADIUS hosts, port, retries, and a shared secret key to encrypt the password.

  4. Click Validate to validate the details.

_images/auth-serv-validn1.png

Harmony Controller does not store the user ID and password that you provide. The user must test or authenticate the connection on the remote server. A confirmation message is displayed on successful validation.

  5. Click Save.

To set the RADIUS authentication process for provider login

  1. Log in to Harmony Controller as provider-admin.

  2. Go to the Organization > Authentication > Change Authentication Provider page.

    _images/edit_config_radius.png

  3. Select RADIUS from the Authentication Type drop-down menu. Enter the comma-separated RADIUS hosts, port, retries, and a shared secret key to encrypt the password.

  4. Click Validate to validate the details.

    _images/auth-serv-validn1.png

Harmony Controller does not store the user ID and password that you provide. The user must test or authenticate the connection on the remote server. A confirmation message is displayed on successful validation.

  5. Click Save.