With the release of version 5.6, both Radius and LDAP remote authentication can be configured on a system. Radius will take precedence over LDAP, and is the first authorization request sent out. If Radius authentication is rejected or if the Radius Server is not available, then LDAP authorization is requested.
It is also possible to configure only Radius authentication.
Configure the Radius Server
To configure radius authentication, provide the following information in the configuration of the authority:
secret (removed) <--- testing123
Configure Radius Users
Radius authentication is locally administered and remotely authenticated.
admin@conductor-node-1.Conductor# create user
Full Name: Test
Authentication Type (remote or local): remote
Roles (space separated): admin
Enabled (true or false): true
Account 'test' successfully created
LDAP User Authentication
LDAP users are remotely administered and remotely authenticated. For information about configuring LDAP users, please refer to LDAP User Account Requirements.
Local users are locally administered and locally authenticated.
create user command allows administrators to create user accounts for user and administrative access to the SSR router's management port. Issuing the
create user <username> prompts for the new user's full name, password, whether they are an administrative or basic user, and the enabled/disabled state of that user account.
firstname.lastname@example.org# create user jdeveloper
Creating account "jdeveloper"...
Full Name: Joe Developer
Authentication Type (remote or local): local
Password: <not echoed to screen>
Confirm: <not echoed to screen>
Role (user | admin) [user]: admin
Account "jdeveloper" successfully created
Password requirements have been updated in version 5.6. Please refer to Password Policies for more information.