Lumeta Systems Administrators
About RADIUS-Enabled Lumeta
While RADIUS is enabled . . .
- If the RADIUS server is intended for use in providing two-factor authentication, check with your RADIUS administrator to find out what you may need to use either a PIN+pass code (if Fob-Style is set to profile stype) or you can generate a pass code by putting your PIN in an RSA SecurToken ID program.
- You will authenticate to the Lumeta CLI by entering your RADIUS pass code instead of your user password.
- You will authenticate to the Lumeta GUI by entering your RADIUS pass code instead of your user password in the Password field. The Lumeta GUI will look the same.
Configuring via CLI
RADIUS is configured from the Lumeta CLI as follows:
- Log in to the Lumeta CLI.
- At the command prompt, enter
system radius
.configure <secret> <radius_server_ip>
Enabling RADIUS
When you are ready to enable the RADIUS server . . .
- At the CLI command prompt, enter
system radius enable
. - Exit the CLI.
Checking Status
To check the RADIUS configuration and state . . .
- Log in to the Lumeta CLI.
- At the command prompt, enter
system radius
.
RADIUS enable/disabled state, secret, and RADIUS server IP display. - Exit the CLI.
Disabling RADIUS
To disable the RADIUS server . . .
- Log in to the Lumeta CLI.
- At the command prompt, enter
system radius disable.
- Exit the CLI.
CLI RADIUS Command Summary | |||
---|---|---|---|
system radius | Displays the server address, secret, RADIUS status (e.g., enabled or disabled) | ||
system radius configure <secret> <radius-server-ip> | Set the RADIUS server address and shared secret | ||
system radius enable | Starts the RADIUS server. | ||
system radius disable | Stops the RADIUS server. |
Configuring via GUI
Configuring RADIUS via GUI
RADIUS is configured from the Lumeta GUI as follows:
- Browse to Settings > Lumeta Systems.
- Select the local system.
- Click Manage RADIUS Authentication.
The authentication page displays.
Input the Shared Secret provided by your RADIUS server administrator.
Input the IP address of your RADIUS server or its fully qualified domain name (FQDN).
Click Submit Configuration.
Toggle RADIUS Authentication Enabled to On.
RADIUS is enabled. Going forward, input your pass code in response to all Lumeta prompts for your password. The Shared Secret and the Server Address fields will be populated with your credentials going forward.Important
Use your RADIUS pass code when this service is enabled.
API + Radius
When RADIUS is enabled, use your Lumeta password or your API-Only User Access Key (for post-3.2.1 systems only) as the authorize API password
parameter. Do not use your RADIUS pass code in this case.
Fallback
If Lumeta cannot contact the RADIUS server, it will failover to allowing users to log in using the user's UID and password. For example, if an Lumeta user was created with the password abcd123 and the enabled RADIUS server cannot be reached, the user will be able to successfully authenticate to Lumeta using password abcd123. This is only true in a failover situation.
Root Access
When a superuser starts a bash shell (via the CLI's support bash command) and then runs the su command to become root, that superuser enters the root password for the Lumeta system. The RADIUS server is not contacted.