Configure RADIUS authentication

Perform this task for Space Console to offer RADIUS authentication through collaboration between a one-time password generation software product (for example, H3C E-Token) and a RADIUS server. RADIUS authentication is securer than password-based authentication.

  1. From the left navigation pane, select System > Auth Collaboration > Primary Auth > RADIUS Authentication.

    Before configuring RADIUS authentication, you must complete the Radius server configuration.

  2. Click the icon, configure the following parameters, and then click Save:

    • Server Address: Enter the IP address of a RADIUS server.

    • Authentication Protocol: Select an option from PAP, CHAP, EAP-MD5, Microsoft CHAP, and Microsoft CHAP 2. Local users support PAP, CHAP, and EAP-MD5. Domain users and LDAP users support only PAP.

    • Authentication Port: Specify a port for the authentication service. The default is 1812.

    • Accounting Port: Specify a port for the accounting service. The default is 1813.

    • Shared Key: Enter the shared key used to communicate with the RADIUS server. Make sure the shared key is the same as that configured on the RADIUS server.

    • Connection Timeout: Set the timeout period for connections between Space Console and the RADIUS server. The default is 5 seconds.

    • Password Authentication Method: Select a password authentication method. Only the combination of the account and password and the one-time password is supported.

    • Password authentication methods:

      • Account password + dynamic password: After the users enter the username and password, they must also enter a 6-digit dynamic password to log in to the client.

      • Dynamic password: Users enter the username and a 6-digit dynamic password to log in to the client. To obtain the one-time password, access a one-time password generator installed on your mobile phone (for example, H3C E-Token).

      • Account password: Users enter their username and password, which are then authenticated by the RADIUS server before they can log in to the client.

    • RADIUS Authentication State: Configure whether to enable RADIUS authentication. If RADIUS authentication is enabled, a user logs in to the client based on one of the password authentication methods configured by the administrator.