Radius configuration – HP VMA-series Memory Arrays User Manual
Page 154
154
AM456-9007B Rev 02
HP VMA SAN Gateway Installation and User Guide
determines how the remote user mapping behaves. If the authenticated user name
is valid locally, no mapping is performed.
The setting has the following three possible behaviors:
•
remote-first: If a local-user mapping attribute is returned and is a valid local
user name, map the authenticated user to the local user specified in the
attribute. Otherwise, if the attribute is not present or not valid locally, use the
user specified by the default-user command. (This is the default behavior.)
•
remote-only: Only try to map a remote authenticated user if the authentication
server sends a local-user mapping attribute. If the attribute does not specify a
valid local user, no further mapping is tried.
•
local-only: All remote users will be mapped to the user specified by the
aaa
authorization map default-user
<user name>
command. Any vendor
attributes received by an authentication server are ignored.
show aaa
Shows the current authentication and authorization settings.
RADIUS Configuration
radius-server timeout <seconds>
no radius-server timeout
Sets (or resets to the default) a global communication value for all RADIUS
servers. Can be overridden in a
radius-server host
command. The default is
3. Sets the timeout for retransmitting a request to any RADIUS server. Range is 1-
60.
radius-server retransmit <retries>
no radius-server retransmit
Sets (or resets to 0) a global communication value for all RADIUS servers. Can be
overridden in a
radius-server host
command. Defaults to 1. Sets the number
of times the client will attempt to authenticate with any RADIUS server. To disable
retransmissions set it to zero. Range is 0-5.
radius-server key <string>
no radius-server key
Sets (or clears) a global communication value for all RADIUS servers. Can be
overridden in a
radius-server host
command. Sets the shared secret text
string used to communicate with any RADIUS server.