This article describes, how to configure RADIUS server and Versa Director for authenticating users for accessing Versa Director.
Prerequisite
- Versa Director is installed and at least one NMS organization is Created
- RADIUS server is installed.(Here we have installed & configured FREERADIUS server Version 2.1.12 on Ubuntu 14.04).Configure management ip for the server.
- RADIUS server is reachable from Vera Director through eth0 interface.
- RADIUS server listening on eth0 10.192.78.200 on port 1812
Configuration
Step 1 : In VD GUI , Click on Administration tab on top panel. Expand Connectors tab in left pane to select Authentication. Click on the ‘+ ‘ button to add a new authentication connector.
Step 2 : Provide name for the connector in Name field. Select radio button next to Radius to select RADIUS as authenticating protocol. Provide IP address of RADIUS server and port number on which RADIUS server is listening. Default port number is 1812. Give a secret string in text field under Secret String parameter. This string must match on the Secret Key or String configured on RADIUS server.
Step 3 : Navigate to Organizations tab on left pane. Select an organization to which you want to add this connector for authentication. Here we are choosing Provider Organization. Click on Provider to open it.
Step 4 : From drop-down menu under Authentication Connector, Select the RADIUS connector that we created. Click OK to apply
Step 5 : Add Versa specific configuration to RADIUS server to complete the integration.
SSH into the RADIUS server. Open the clients.conf file in the vi editor
sudo vi /etc/freeradius/clients.conf
Enter the configuration such as Versa Director IP address, Secret which should be same on Versa Director RADIUS connector configuration, optionally add short name to this client configuration as shown. Save and exit the file
Create a new dictionary file to define Versa specific attributes. We create the dictionary in /usr/share/freeradius folder.
sudo vi /usr/share/freeradius/dictionary.versa
Please remember, Versa has assigned Vendor ID 42359 that needs to be mentioned in this dictionary file
Enter the ATTRIBUTES, 1 per line as shown below. Save and exit the editor.
Include this versa specific dictionary in the default RADIUS dictionary.
Open the default dictionary in editor using command sudo vi /etc/freeradius/dictionary and add the following lines.
Define the users to be authenticated using RADIUS. Open the users file
sudo vi /etc/freeradius/users
Here we are defining two users.
- Alex as a Provider user and,
- John as Tenant1 user.
Restart the RADIUS server for the configuration to take effect using command.
sudo service freeradius --full-restart
All the necessary configuration are done. Now try to login to the Versa Director GUI using username and password defined in RADIUS server. Versa has different username conventions for Provider and Tenant user. With Provider user we add @System and with Tenant user we add @Tenant1 ,where Tenant1 is the Tenant(Organization) name.
Alex is provider user, so we use Alex@System
John is a Tenant1 user, so the username is John@Tenant1
